Slow PC, strange PC

Viruses and antivirus issues, PC security - firewall, spyware, etc.
honzahkj
Newbie
Registered: 17 Nov 2007

Slow PC, strange PC

Post by honzahkj »

Hi everyone. I'm asking for advice. This week my PC started taking terribly long to boot... over three minutes. Once everything has started, working on it is terribly slow. Even when I'm doing nothing, it seems to me the disk is constantly loading something... it just keeps "crunching". I read the articles here on PCtuning about spyware etc. I ran Spybot, NOD and SpywareTerminator over the computer (a notebook). They found a few critical problems, which I fixed, but it didn't speed the PC up. I have Terminator's resident shield running... and for example when I open My Computer... it blocks some trojan.. but the speed is still the same. So I ran HijackThis over it, and below I'm sending what it printed. So I'd like to ask whether someone could advise me how to get rid of this... thanks a lot in advance.
Honza
Logfile of HijackThis v1.99.1
Scan saved at 10:25:00, on 17.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\WINDOWS\system32\regsvr32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\QIP\qip.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\Program Files\Labtec NumPad\Magickey.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Software\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [kfkninwv] rundll32.exe "C:\Program Files\kfkninwv\axktmjyz.dll",Init
O4 - HKLM\..\Run: [zcxqhkla] regsvr32 /u "C:\Documents and Settings\All Users\Data aplikací\zcxqhkla.dll"
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKLM\..\Run: [OutpostMonitor] C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe /tray
O4 - HKLM\..\Run: [OutpostFeedBack] "C:\Program Files\Agnitum\Outpost Firewall Pro\feedback.exe" /dump:os_startup
O4 - HKLM\..\Run: [883de620] rundll32.exe "C:\WINDOWS\system32\swhnnrtc.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S2F25.tmp" /EF "HKCU"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Enable Labtec NumPad.lnk = C:\Program Files\Labtec NumPad\Magickey.exe
O4 - Global Startup: Power4 Gear (2).lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Outpost Firewall Pro Quick Tune - {44627E97-789B-40d4-B5C2-58BD171129A1} - C:\Program Files\Agnitum\Outpost Firewall Pro\ie_bar.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - AppInit_DLLs: c:\progra~1\agnitum\outpos~1\wl_hook.dll apshook.dll
O23 - Service: Agnitum Client Security Service (acssrv) - Agnitum Ltd. - C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
rary
Beginner
Registered: 20 Jun 2006

Post by rary »

Please run ComboFix:
Download ComboFix and save it to your desktop, then run it. Follow the instructions; while ComboFix is running, do not click in the window it displays, because that may stop the process.
When it finishes, a log is created, so copy its contents here.
Otherwise, the log is located at C:\ComboFix.txt

(The PC may restart if ComboFix finds infected files that require a restart to be deleted.)

You need an administrator account for ComboFix to work.
honzahkj
Newbie
Registered: 17 Nov 2007

Combofix

Post by honzahkj »

Hi, thanks in advance. Here is the ComboFix output. Even after it restarted... the computer runs terribly slowly.... Spybot finds something but wants to restart so it can delete it... and then it says it can't be deleted anyway... so I don't know... oh well..
Thanks for now


ComboFix 07-11-08.1 - Honza 2007-11-17 14:15:20.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1156 [GMT 1:00]
Running from: C:\Documents and Settings\Honza\Plocha\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Honza\Data aplikací\macromedia\Flash Player\#SharedObjects\96X9UKVZ\www.broadcaster.com
C:\Documents and Settings\Honza\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Honza\Data aplikací\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Program Files\SecCenter
C:\WINDOWS\system32\hjllm.ini
C:\WINDOWS\system32\hjllm.ini2
C:\WINDOWS\system32\mlljh.dll
C:\WINDOWS\system32\pskill.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 14:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 17:10 81,984 --a------ C:\WINDOWS\system32\tpfnafbp.dll
2007-11-16 17:07 85,056 --a------ C:\WINDOWS\system32\swhnnrtc.dll
2007-11-16 01:20 434,336 --a------ C:\WINDOWS\system32\drivers\SandBox.sys
2007-11-16 01:20 197,264 --a------ C:\WINDOWS\system32\drivers\afw.sys
2007-11-16 01:19 <DIR> d-------- C:\WINDOWS\system32\Filt
2007-11-16 01:19 <DIR> d-------- C:\Program Files\Agnitum
2007-11-16 00:57 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-16 00:53 <DIR> dr-h----- C:\MSOCache
2007-11-15 22:06 138,624 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-11-15 21:55 <DIR> d-------- C:\Program Files\Crawler
2007-11-15 21:52 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-15 21:35 <DIR> d-------- C:\WINDOWS\system32\fibagbia
2007-11-15 21:35 <DIR> d-------- C:\Program Files\Mwopmike
2007-11-15 21:34 <DIR> d-------- C:\Program Files\kfkninwv
2007-11-15 14:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-14 20:10 37,376 --a------ C:\WINDOWS\system32\khffecd.dll
2007-11-14 13:10 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-11-12 15:52 <DIR> d-------- C:\Documents and Settings\Honza\WLSCompanion
2007-11-09 09:50 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-11-08 22:55 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-11-08 22:51 76,800 --a------ C:\WINDOWS\system32\E_FLBCDE.DLL
2007-11-08 22:51 62,976 --a------ C:\WINDOWS\system32\E_FD4BCDE.DLL
2007-11-08 22:51 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-11-08 22:50 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-08 22:50 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-08 22:46 <DIR> d-------- C:\Program Files\epson
2007-11-08 22:46 67,072 --a------ C:\WINDOWS\system32\escwiad.dll
2007-11-08 22:44 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-08 22:44 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-07 17:00 <DIR> d-------- C:\SILENCE_OF_THE_LAMBS
2007-11-07 12:56 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-07 12:25 <DIR> d-------- C:\Program Files\Weather Pulse
2007-11-06 21:21 <DIR> d-------- C:\Program Files\SpamBayes
2007-11-04 12:24 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-11-04 09:03 <DIR> d-------- C:\Program Files\ViOrb
2007-11-04 01:42 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-11-04 01:42 <DIR> d-------- C:\VTPFiles
2007-11-04 01:42 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-11-04 01:42 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-11-04 01:42 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-11-04 00:42 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-03 09:00 <DIR> d-------- C:\Shoty
2007-11-03 08:59 <DIR> d-------- C:\Program Files\ScreenShots
2007-10-29 10:32 <DIR> d-------- C:\Program Files\ANSYS Inc
2007-10-25 20:16 <DIR> d-------- C:\Program Files\Dassault Systemes
2007-10-25 13:32 <DIR> d-------- C:\gamesy
2007-10-22 18:14 <DIR> d-------- C:\Program Files\Ubisoft
2007-10-22 17:54 <DIR> d-------- C:\Program Files\Real
2007-10-22 17:54 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-22 17:54 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-16 00:15 --------- d-----w C:\Program Files\ICQToolbar
2007-11-15 18:46 1,323 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-15 13:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 19:13 --------- d-----w C:\Program Files\Azureus
2007-11-10 09:28 --------- d-----w C:\Program Files\ICQ6
2007-11-08 21:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 21:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-03 16:29 --------- d-----w C:\Program Files\CoolSMScz
2007-11-03 16:03 --------- d-----w C:\Program Files\Net Profile Switch
2007-10-27 08:35 --------- d-----w C:\Program Files\Fma 2
2007-10-23 20:01 --------- d-----w C:\Program Files\Winamp
2007-10-12 08:13 --------- d-----w C:\Program Files\T-Mobile
2007-10-12 08:13 --------- d-----w C:\Program Files\Common Files\GtFlashSwitch
2007-10-04 16:44 --------- d-----w C:\Program Files\DVD Decrypter
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b699c92-7cbf-4151-ab01-620c366f8bee}]
2007-11-16 17:10 81984 --a------ C:\WINDOWS\system32\tpfnafbp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
C:\Program Files\Mwopmike\wsklvplp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}]
2007-11-14 20:10 37376 --a------ C:\WINDOWS\system32\khffecd.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 15:22]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"UMonit"="C:\WINDOWS\system32\UMonit.exe" [2006-08-14 10:54]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 16:09]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 13:12]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2007-05-18 22:34]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 09:28]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 10:12]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-22 17:54]
"SpywareTerminator"="C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe" [2007-11-15 22:04]
"883de620"="C:\WINDOWS\system32\swhnnrtc.dll" [2007-11-16 17:07]
"OutpostMonitor"="C:\PROGRA~1\Agnitum\OUTPOS~1\op_mon.exe" [2007-10-22 16:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-07-15 11:43]
"EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 07:00]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}"= C:\WINDOWS\system32\khffecd.dll [2007-11-14 20:10 37376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\khffecd]
khffecd.dll 2007-11-14 20:10 37376 C:\WINDOWS\system32\khffecd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll 2006-05-03 06:23 40448 C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
winjvd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\agnitum\outpos~1\wl_hook.dll apshook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\mlljh.dll
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk
backup=C:\WINDOWS\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R1 ItSDisk;ItSDisk;C:\WINDOWS\system32\Drivers\ItSDisk.sys
R1 LUMDriver;LUMDriver;\??\C:\WINDOWS\system32\drivers\LUMDriver.sys
R1 SandBox;SandBox;C:\WINDOWS\system32\DRIVERS\SandBox.sys
R1 sp_rsdrv2;Spyware Terminator Driver 2;\??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
R1 UsbFltr;WayTechMUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance
R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service
R2 GtFlashSwitch;GtFlashSwitch;"C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe"
R2 JobManagerService110;Ansys JobManager Service V11;"C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe"
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT
R2 ScriptHostService110;Ansys ScriptHost Service V11;"C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe"
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys
R3 FIXUSTOR;FIXUSTOR;C:\WINDOWS\system32\DRIVERS\fixustor.sys
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;ASUS WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
S2 acssrv;Agnitum Client Security Service;C:\PROGRA~1\Agnitum\OUTPOS~1\acs.exe
S3 ASWFilt;ASWFilt;C:\WINDOWS\system32\Filt\ASWFilt.dll
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASChannel

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 14:36:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-17 14:39:13 - machine was rebooted
.
--- E O F ---
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Combofix

Post by BUBINO »

You've got a ton of stuff in there! It will take a bit longer, but I'll write up instructions for what to do right away.
honzahkj
Newbie
Registered: 17 Nov 2007

Post by honzahkj »

You're kind, thanks a lot.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Combofix

Post by BUBINO »

Use the VUNDO guide: http://viry.cz/forum/viewtopic.php?t=16634

Post the program's log here.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: Combofix

Post by BUBINO »

I forgot one more thing. Make a new ComboFix log.
honzahkj
Newbie
Registered: 17 Nov 2007

no virus found

Post by honzahkj »

So I ran Vundo over it; it told me that no infected files were found. The computer is still slow at startup, and while working too. Occasionally it freezes for a moment, mostly in Firefox.
Here is the txt from VUNDO

I'd hate to format the disk because of this... a horror!
Thanks for your help and for any further advice

VundoFix V6.6.2

Checking Java version...

Scan started at 20:37:45 17.11.2007

Listing files found while scanning....

No infected files were found.


Beginning removal...
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Re: no virus found

Post by BUBINO »

You don't have to format; it's just that when I saw how much junk you have, I almost collapsed. No joke. Do both of the options described there.
honzahkj
Newbie
Registered: 17 Nov 2007

Post by honzahkj »

So I went through everything according to the guide. After restarting into safe mode, running VirtumundoBeGone and restarting again, the speed has increased considerably.. but it seems to me it's still not back to what it was originally.
Here is the VirtumundoBeGone output:

[11/17/2007, 21:05:32] - VirtumundoBeGone v1.5 ( "C:\VirtumundoBeGone.exe" )
[11/17/2007, 21:05:45] - Detected System Information:
[11/17/2007, 21:05:45] - Windows Version: 5.1.2600, Service Pack 2
[11/17/2007, 21:05:45] - Current Username: Administrator (Admin)
[11/17/2007, 21:05:45] - Windows is in SAFE mode with Networking.
[11/17/2007, 21:05:45] - Searching for Browser Helper Objects:
[11/17/2007, 21:05:45] - BHO 1: {055FD26D-3A88-4e15-963D-DC8493744B1D} (XTTBPos00 Class)
[11/17/2007, 21:05:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/17/2007, 21:05:45] - BHO 3: {0b699c92-7cbf-4151-ab01-620c366f8bee} ()
[11/17/2007, 21:05:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:45] - Checking for HKLM\...\Winlogon\Notify\tpfnafbp
[11/17/2007, 21:05:45] - Key not found: HKLM\...\Winlogon\Notify\tpfnafbp, continuing.
[11/17/2007, 21:05:45] - BHO 4: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} ()
[11/17/2007, 21:05:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:45] - Checking for HKLM\...\Winlogon\Notify\ctbr
[11/17/2007, 21:05:45] - Key not found: HKLM\...\Winlogon\Notify\ctbr, continuing.
[11/17/2007, 21:05:45] - BHO 5: {200D0AAD-71B1-51C9-DDB0-092BA4662A54} ()
[11/17/2007, 21:05:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:45] - Checking for HKLM\...\Winlogon\Notify\wsklvplp
[11/17/2007, 21:05:45] - Key not found: HKLM\...\Winlogon\Notify\wsklvplp, continuing.
[11/17/2007, 21:05:45] - BHO 6: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[11/17/2007, 21:05:45] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/17/2007, 21:05:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:45] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/17/2007, 21:05:45] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/17/2007, 21:05:45] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/17/2007, 21:05:45] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[11/17/2007, 21:05:45] - BHO 10: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} (ASUS Security Protect Manager)
[11/17/2007, 21:05:45] - BHO 11: {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB} ()
[11/17/2007, 21:05:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:45] - Checking for HKLM\...\Winlogon\Notify\khffecd
[11/17/2007, 21:05:45] - Found: HKLM\...\Winlogon\Notify\khffecd - This is probably Virtumundo.
[11/17/2007, 21:05:45] - Assigning {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB} MSEvents Object
[11/17/2007, 21:05:45] - BHO list has been changed! Starting over...
[11/17/2007, 21:05:45] - BHO 1: {055FD26D-3A88-4e15-963D-DC8493744B1D} (XTTBPos00 Class)
[11/17/2007, 21:05:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/17/2007, 21:05:45] - BHO 3: {0b699c92-7cbf-4151-ab01-620c366f8bee} ()
[11/17/2007, 21:05:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:45] - Checking for HKLM\...\Winlogon\Notify\tpfnafbp
[11/17/2007, 21:05:45] - Key not found: HKLM\...\Winlogon\Notify\tpfnafbp, continuing.
[11/17/2007, 21:05:45] - BHO 4: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} ()
[11/17/2007, 21:05:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:45] - Checking for HKLM\...\Winlogon\Notify\ctbr
[11/17/2007, 21:05:45] - Key not found: HKLM\...\Winlogon\Notify\ctbr, continuing.
[11/17/2007, 21:05:45] - BHO 5: {200D0AAD-71B1-51C9-DDB0-092BA4662A54} ()
[11/17/2007, 21:05:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:45] - Checking for HKLM\...\Winlogon\Notify\wsklvplp
[11/17/2007, 21:05:45] - Key not found: HKLM\...\Winlogon\Notify\wsklvplp, continuing.
[11/17/2007, 21:05:45] - BHO 6: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[11/17/2007, 21:05:45] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/17/2007, 21:05:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:45] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/17/2007, 21:05:45] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/17/2007, 21:05:45] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/17/2007, 21:05:45] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[11/17/2007, 21:05:45] - BHO 10: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} (ASUS Security Protect Manager)
[11/17/2007, 21:05:45] - BHO 11: {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB} (MSEvents Object)
[11/17/2007, 21:05:45] - ALERT: Found MSEvents Object!
[11/17/2007, 21:05:45] - Finished Searching Browser Helper Objects
[11/17/2007, 21:05:45] - *** Detected MSEvents Object
[11/17/2007, 21:05:45] - Trying to remove MSEvents Object...
[11/17/2007, 21:05:46] - Terminating Process: IEXPLORE.EXE
[11/17/2007, 21:05:46] - Terminating Process: RUNDLL32.EXE
[11/17/2007, 21:05:46] - Disabling Automatic Shell Restart
[11/17/2007, 21:05:46] - Terminating Process: EXPLORER.EXE
[11/17/2007, 21:05:46] - Suspending the NT Session Manager System Service
[11/17/2007, 21:05:47] - Terminating Windows NT Logon/Logoff Manager
[11/17/2007, 21:05:47] - Re-enabling Automatic Shell Restart
[11/17/2007, 21:05:47] - File to disable: C:\WINDOWS\system32\khffecd.dll
[11/17/2007, 21:05:47] - Renaming C:\WINDOWS\system32\khffecd.dll -> C:\WINDOWS\system32\khffecd.dll.vir
[11/17/2007, 21:05:47] - File successfully renamed!
[11/17/2007, 21:05:47] - Removing HKLM\...\Browser Helper Objects\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}
[11/17/2007, 21:05:47] - Removing HKCR\CLSID\{E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}
[11/17/2007, 21:05:47] - Adding Kill Bit for ActiveX for GUID: {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB}
[11/17/2007, 21:05:47] - Deleting ATLEvents/MSEvents Registry entries
[11/17/2007, 21:05:47] - Removing HKLM\...\Winlogon\Notify\khffecd
[11/17/2007, 21:05:47] - Searching for Browser Helper Objects:
[11/17/2007, 21:05:47] - BHO 1: {055FD26D-3A88-4e15-963D-DC8493744B1D} (XTTBPos00 Class)
[11/17/2007, 21:05:47] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/17/2007, 21:05:47] - BHO 3: {0b699c92-7cbf-4151-ab01-620c366f8bee} ()
[11/17/2007, 21:05:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:47] - Checking for HKLM\...\Winlogon\Notify\tpfnafbp
[11/17/2007, 21:05:47] - Key not found: HKLM\...\Winlogon\Notify\tpfnafbp, continuing.
[11/17/2007, 21:05:47] - BHO 4: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} ()
[11/17/2007, 21:05:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:47] - Checking for HKLM\...\Winlogon\Notify\ctbr
[11/17/2007, 21:05:47] - Key not found: HKLM\...\Winlogon\Notify\ctbr, continuing.
[11/17/2007, 21:05:47] - BHO 5: {200D0AAD-71B1-51C9-DDB0-092BA4662A54} ()
[11/17/2007, 21:05:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:47] - Checking for HKLM\...\Winlogon\Notify\wsklvplp
[11/17/2007, 21:05:47] - Key not found: HKLM\...\Winlogon\Notify\wsklvplp, continuing.
[11/17/2007, 21:05:47] - BHO 6: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[11/17/2007, 21:05:47] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/17/2007, 21:05:47] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:05:47] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/17/2007, 21:05:47] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/17/2007, 21:05:47] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/17/2007, 21:05:47] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[11/17/2007, 21:05:47] - BHO 10: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} (ASUS Security Protect Manager)
[11/17/2007, 21:05:47] - Finished Searching Browser Helper Objects
[11/17/2007, 21:05:47] - Finishing up...
[11/17/2007, 21:05:47] - A restart is needed.
[11/17/2007, 21:06:27] - Attempting to Restart via STOP error (Blue Screen!)

[11/17/2007, 21:11:32] - VirtumundoBeGone v1.5 ( "C:\VirtumundoBeGone.exe" )
[11/17/2007, 21:11:45] - Detected System Information:
[11/17/2007, 21:11:45] - Windows Version: 5.1.2600, Service Pack 2
[11/17/2007, 21:11:45] - Current Username: Administrator (Admin)
[11/17/2007, 21:11:45] - Windows is in SAFE mode with Networking.
[11/17/2007, 21:11:45] - Searching for Browser Helper Objects:
[11/17/2007, 21:11:45] - BHO 1: {055FD26D-3A88-4e15-963D-DC8493744B1D} (XTTBPos00 Class)
[11/17/2007, 21:11:45] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/17/2007, 21:11:45] - BHO 3: {0b699c92-7cbf-4151-ab01-620c366f8bee} ()
[11/17/2007, 21:11:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:11:45] - Checking for HKLM\...\Winlogon\Notify\tpfnafbp
[11/17/2007, 21:11:45] - Key not found: HKLM\...\Winlogon\Notify\tpfnafbp, continuing.
[11/17/2007, 21:11:45] - BHO 4: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} ()
[11/17/2007, 21:11:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:11:45] - Checking for HKLM\...\Winlogon\Notify\ctbr
[11/17/2007, 21:11:45] - Key not found: HKLM\...\Winlogon\Notify\ctbr, continuing.
[11/17/2007, 21:11:45] - BHO 5: {200D0AAD-71B1-51C9-DDB0-092BA4662A54} ()
[11/17/2007, 21:11:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:11:45] - Checking for HKLM\...\Winlogon\Notify\wsklvplp
[11/17/2007, 21:11:45] - Key not found: HKLM\...\Winlogon\Notify\wsklvplp, continuing.
[11/17/2007, 21:11:45] - BHO 6: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[11/17/2007, 21:11:45] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/17/2007, 21:11:45] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:11:45] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/17/2007, 21:11:45] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/17/2007, 21:11:45] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/17/2007, 21:11:45] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[11/17/2007, 21:11:45] - BHO 10: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} (ASUS Security Protect Manager)
[11/17/2007, 21:11:45] - Finished Searching Browser Helper Objects
[11/17/2007, 21:11:45] - Finishing up...
[11/17/2007, 21:11:45] - Nothing found! Exiting...

[11/17/2007, 21:12:54] - VirtumundoBeGone v1.5 ( "C:\VirtumundoBeGone.exe" )
[11/17/2007, 21:12:55] - Detected System Information:
[11/17/2007, 21:12:55] - Windows Version: 5.1.2600, Service Pack 2
[11/17/2007, 21:12:55] - Current Username: Administrator (Admin)
[11/17/2007, 21:12:55] - Windows is in SAFE mode with Networking.
[11/17/2007, 21:12:55] - Searching for Browser Helper Objects:
[11/17/2007, 21:12:55] - BHO 1: {055FD26D-3A88-4e15-963D-DC8493744B1D} (XTTBPos00 Class)
[11/17/2007, 21:12:55] - BHO 2: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (AcroIEHlprObj Class)
[11/17/2007, 21:12:55] - BHO 3: {0b699c92-7cbf-4151-ab01-620c366f8bee} ()
[11/17/2007, 21:12:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:12:55] - Checking for HKLM\...\Winlogon\Notify\tpfnafbp
[11/17/2007, 21:12:55] - Key not found: HKLM\...\Winlogon\Notify\tpfnafbp, continuing.
[11/17/2007, 21:12:55] - BHO 4: {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} ()
[11/17/2007, 21:12:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:12:55] - Checking for HKLM\...\Winlogon\Notify\ctbr
[11/17/2007, 21:12:55] - Key not found: HKLM\...\Winlogon\Notify\ctbr, continuing.
[11/17/2007, 21:12:55] - BHO 5: {200D0AAD-71B1-51C9-DDB0-092BA4662A54} ()
[11/17/2007, 21:12:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:12:55] - Checking for HKLM\...\Winlogon\Notify\wsklvplp
[11/17/2007, 21:12:55] - Key not found: HKLM\...\Winlogon\Notify\wsklvplp, continuing.
[11/17/2007, 21:12:55] - BHO 6: {22BF413B-C6D2-4d91-82A9-A0F997BA588C} (Skype add-on (mastermind))
[11/17/2007, 21:12:55] - BHO 7: {53707962-6F74-2D53-2644-206D7942484F} ()
[11/17/2007, 21:12:55] - WARNING: BHO has no default name. Checking for Winlogon reference.
[11/17/2007, 21:12:55] - Checking for HKLM\...\Winlogon\Notify\SDHelper
[11/17/2007, 21:12:55] - Key not found: HKLM\...\Winlogon\Notify\SDHelper, continuing.
[11/17/2007, 21:12:55] - BHO 8: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[11/17/2007, 21:12:55] - BHO 9: {AE7CD045-E861-484f-8273-0445EE161910} (AcroIEToolbarHelper Class)
[11/17/2007, 21:12:55] - BHO 10: {DF21F1DB-80C6-11D3-9483-B03D0EC10000} (ASUS Security Protect Manager)
[11/17/2007, 21:12:55] - Finished Searching Browser Helper Objects
[11/17/2007, 21:12:55] - Finishing up...
[11/17/2007, 21:12:55] - Nothing found! Exiting...

and here is ComboFix after running VirtumundoBeGone:

ComboFix 07-11-08.1 - Honza 2007-11-17 21:17:45.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.1418 [GMT 1:00]
Running from: C:\Documents and Settings\Honza\Plocha\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2007-10-17 to 2007-11-17 )))))))))))))))))))))))))))))))
.

2007-11-17 21:03 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-11-17 21:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-11-17 21:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-11-17 21:03 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-11-17 21:03 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-11-17 21:03 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-11-17 21:03 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-11-17 21:03 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\Intel
2007-11-17 21:03 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-11-17 20:37 <DIR> d-------- C:\VundoFix Backups
2007-11-17 20:36 96,978 --a------ C:\VirtumundoBeGone.exe
2007-11-17 16:54 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\ESET
2007-11-17 14:12 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-16 17:10 81,984 --a------ C:\WINDOWS\system32\tpfnafbp.dll
2007-11-16 17:07 85,056 --a------ C:\WINDOWS\system32\swhnnrtc.dll
2007-11-16 01:19 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Agnitum
2007-11-16 00:57 <DIR> d-------- C:\WINDOWS\SHELLNEW
2007-11-16 00:53 <DIR> dr-h----- C:\MSOCache
2007-11-15 21:55 <DIR> d-------- C:\Program Files\Crawler
2007-11-15 21:52 <DIR> d-------- C:\Program Files\Spyware Terminator
2007-11-15 21:35 <DIR> d-------- C:\WINDOWS\system32\fibagbia
2007-11-15 21:35 <DIR> d-------- C:\Program Files\Mwopmike
2007-11-15 21:34 <DIR> d-------- C:\Program Files\kfkninwv
2007-11-15 14:58 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-11-14 20:10 37,376 --a------ C:\WINDOWS\system32\khffecd.dll.vir
2007-11-14 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2007-11-14 13:10 32,592 --a------ C:\WINDOWS\system32\msonpmon.dll
2007-11-12 15:52 <DIR> d-------- C:\Documents and Settings\Honza\WLSCompanion
2007-11-09 09:50 50,688 --a------ C:\WINDOWS\system32\wbhelp2.dll
2007-11-08 22:57 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\UDL
2007-11-08 22:55 <DIR> d-------- C:\Program Files\ABBYY FineReader 6.0 Sprint
2007-11-08 22:52 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\InstallShield
2007-11-08 22:51 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\EPSON
2007-11-08 22:51 76,800 --a------ C:\WINDOWS\system32\E_FLBCDE.DLL
2007-11-08 22:51 62,976 --a------ C:\WINDOWS\system32\E_FD4BCDE.DLL
2007-11-08 22:51 49,152 --a------ C:\WINDOWS\system32\E_DCINST.DLL
2007-11-08 22:50 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2007-11-08 22:50 15,104 --a--c--- C:\WINDOWS\system32\dllcache\usbscan.sys
2007-11-08 22:46 <DIR> d-------- C:\Program Files\epson
2007-11-08 22:46 67,072 --a------ C:\WINDOWS\system32\escwiad.dll
2007-11-08 22:44 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-11-08 22:44 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-11-07 17:00 <DIR> d-------- C:\SILENCE_OF_THE_LAMBS
2007-11-07 12:56 <DIR> d-------- C:\Program Files\Yahoo!
2007-11-07 12:25 <DIR> d-------- C:\Program Files\Weather Pulse
2007-11-07 12:25 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\Weather Pulse
2007-11-06 21:22 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\SpamBayes
2007-11-06 21:21 <DIR> d-------- C:\Program Files\SpamBayes
2007-11-04 12:24 <DIR> d-------- C:\WINDOWS\system32\VIRepair
2007-11-04 09:03 <DIR> d-------- C:\Program Files\ViOrb
2007-11-04 01:42 <DIR> d-------- C:\WINDOWS\system32\VITrans
2007-11-04 01:42 <DIR> d-------- C:\VTPFiles
2007-11-04 01:42 111,104 --a------ C:\WINDOWS\system32\Uharc.exe
2007-11-04 01:42 19,968 --a------ C:\WINDOWS\system32\reico.exe
2007-11-04 01:42 8,636 --a------ C:\WINDOWS\system32\modifype.exe
2007-11-04 00:42 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-11-03 18:37 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\Lavasoft
2007-11-03 09:00 <DIR> d-------- C:\Shoty
2007-11-03 08:59 <DIR> d-------- C:\Program Files\ScreenShots
2007-10-30 10:29 30,728 --a------ C:\WINDOWS\system32\drivers\epfwtdir.sys
2007-10-30 10:27 33,800 --a------ C:\WINDOWS\system32\drivers\eamon.sys
2007-10-30 10:27 27,144 --a------ C:\WINDOWS\system32\drivers\easdrv.sys
2007-10-29 10:42 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\Ansys
2007-10-29 10:40 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\IsolatedStorage
2007-10-29 10:32 <DIR> d-------- C:\Program Files\ANSYS Inc
2007-10-25 20:16 <DIR> d-------- C:\Program Files\Dassault Systemes
2007-10-25 20:15 <DIR> d-------- C:\Documents and Settings\Honza\Data aplikací\DassaultSystemes
2007-10-25 20:15 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\DassaultSystemes
2007-10-25 13:32 <DIR> d-------- C:\gamesy
2007-10-22 18:14 <DIR> d-------- C:\Program Files\Ubisoft
2007-10-22 17:54 <DIR> d-------- C:\Program Files\Real
2007-10-22 17:54 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-10-22 17:54 <DIR> d-------- C:\Program Files\Common Files\Real

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-17 20:17 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\Skype
2007-11-16 00:16 --------- d-----w C:\Documents and Settings\Honza\Data aplikací\Azureus
2007-11-16 00:15 --------- d-----w C:\Program Files\ICQToolbar
2007-11-15 18:46 1,323 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2007-11-15 14:25 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-11-15 13:58 --------- d-----w C:\Program Files\Common Files\Adobe
2007-11-14 19:13 --------- d-----w C:\Program Files\Azureus
2007-11-10 09:28 --------- d-----w C:\Program Files\ICQ6
2007-11-08 21:59 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-11-08 21:58 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-11-05 19:59 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\DVD Shrink
2007-11-03 16:29 --------- d-----w C:\Program Files\CoolSMScz
2007-11-03 16:03 --------- d-----w C:\Program Files\Net Profile Switch
2007-10-27 08:35 --------- d-----w C:\Program Files\Fma 2
2007-10-23 20:01 --------- d-----w C:\Program Files\Winamp
2007-10-12 08:13 --------- d-----w C:\Program Files\T-Mobile
2007-10-12 08:13 --------- d-----w C:\Program Files\Common Files\GtFlashSwitch
2007-10-04 16:44 --------- d-----w C:\Program Files\DVD Decrypter
2007-08-21 06:18 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2006-05-03 09:06:54 163,328 --sha-r C:\WINDOWS\system32\flvDX.dll
2007-02-21 10:47:16 31,232 --sha-r C:\WINDOWS\system32\msfDX.dll
.

((((((((((((((((((((((((((((( snapshot@2007-11-17_14.37.35.06 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-17 15:55:39 10,134 ----a-r C:\WINDOWS\Installer\{DE924549-737F-444E-A60A-E8480BD5F5AB}\callmsi.exe
+ 2007-11-17 15:55:39 136,448 ----a-r C:\WINDOWS\Installer\{DE924549-737F-444E-A60A-E8480BD5F5AB}\egui.exe
+ 2007-11-17 20:14:40 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_99c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b699c92-7cbf-4151-ab01-620c366f8bee}]
2007-11-16 17:10 81984 --a------ C:\WINDOWS\system32\tpfnafbp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
C:\Program Files\Mwopmike\wsklvplp.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HControl"="C:\WINDOWS\ATK0100\HControl.exe" [2006-08-23 15:22]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41]
"UMonit"="C:\WINDOWS\system32\UMonit.exe" [2006-08-14 10:54]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 16:09]
"CognizanceTS"="C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll" [2003-12-22 13:12]
"ACMON"="C:\Program Files\ASUS\Splendid\ACMON.exe" [2006-05-30 09:28]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 10:12]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-08-01 23:38]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-08-01 23:32]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 09:54]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-10-22 17:54]
"883de620"="C:\WINDOWS\system32\swhnnrtc.dll" [2007-11-16 17:07]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-10-30 10:28]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31]
"QIP2005"="C:\Program Files\QIP\qip.exe" [2007-07-15 11:43]
"EPSON Stylus DX7400 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.exe" [2007-04-12 07:00]

C:\Documents and Settings\Honza\Nabídka Start\Programy\Po spuštění\
Yahoo! Widget Engine.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe [2007-07-20 18:57:16]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\
Enable Labtec NumPad.lnk - C:\Program Files\Labtec NumPad\Magickey.exe [2007-05-19 15:02:20]
Power4 Gear (2).lnk - C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2007-05-19 03:59:23]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll 2006-05-03 06:23 40448 C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
winjvd32.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=apshook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"= scecli ASWLNPkg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Akcelerátor spuštění AutoCADu.lnk]
path=C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\Akcelerátor spuštění AutoCADu.lnk
backup=C:\WINDOWS\pss\Akcelerátor spuštění AutoCADu.lnkCommon Startup


[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
ALCMTR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Live Update]
C:\Program Files\ASUS\ASUS Live Update\ALU.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATKMEDIA]
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
"C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
KHALMNPR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Net4Switch]
C:\Program Files\ASUS\Net4Switch\Net4Switch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PinnacleDriverCheck]
C:\WINDOWS\system32\PSDrvCheck.exe -CheckReg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
RTHDCPL.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
SkyTel.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMSERIAL]
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe

R1 easdrv;easdrv;C:\WINDOWS\system32\DRIVERS\easdrv.sys
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
R1 ItSDisk;ItSDisk;C:\WINDOWS\system32\Drivers\ItSDisk.sys
R1 LUMDriver;LUMDriver;\??\C:\WINDOWS\system32\drivers\LUMDriver.sys
R1 UsbFltr;WayTechMUSBFilterDriver;C:\WINDOWS\system32\drivers\UsbFltr.sys
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe -k Cognizance
R2 BBDemon;Backbone Service;"C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service
R2 eamon;EAMON;C:\WINDOWS\system32\DRIVERS\eamon.sys
R2 ekrn;Eset Service;"C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
R2 GtFlashSwitch;GtFlashSwitch;"C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe"
R2 JobManagerService110;Ansys JobManager Service V11;"C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe"
R2 MSSQL$INVENTORCONTENT;MSSQL$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe -sINVENTORCONTENT
R2 ScriptHostService110;Ansys ScriptHost Service V11;"C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe"
R3 FIXUSTOR;FIXUSTOR;C:\WINDOWS\system32\DRIVERS\fixustor.sys
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys
R3 SynMini;ASUS WebCam, 1.3M, USB2.0, FF;C:\WINDOWS\system32\Drivers\SynMini.sys
R3 SynScan;ASUS WebCam Still Image;C:\WINDOWS\system32\Drivers\SynScan.sys
S3 EhttpSrv;Eset HTTP Server;"C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
S3 GTPTSER;GT PT SER;C:\WINDOWS\system32\DRIVERS\gtptser.sys
S3 GTUQBUS;GT UQ BUS;C:\WINDOWS\system32\DRIVERS\gtuqbus.sys
S3 SQLAgent$INVENTORCONTENT;SQLAgent$INVENTORCONTENT;C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlagent.EXE -i INVENTORCONTENT

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance ASChannel

.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-17 21:21:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************
.
Completion time: 2007-11-17 21:22:42
.
--- E O F ---
BUBINO
Beginner
Registered: 12 Jun 2007
Location: Got one

Post by BUBINO »

Vundo deleted something. Did you run it in safe mode? If not, run VundoBeGone once more in safe mode.

If you ran it as described in the guide I gave you, then follow these instructions.

Delete C:\VundoFix Backups
and C:\VirtumundoBeGone.exe

Download Avenger to your desktop: http://www.viry.cz/forum/viewtopic.php?t=19832
Following the guide, get to the white window shown there and copy into it the whole text written below in the white box:
Files to delete:
C:\WINDOWS\system32\tpfnafbp.dll
C:\WINDOWS\system32\swhnnrtc.dll
C:\WINDOWS\system32\khffecd.dll.vir
C:\WINDOWS\system32\E_FLBCDE.DLL
C:\WINDOWS\system32\E_FD4BCDE.DLL
C:\WINDOWS\system32\E_DCINST.DLL
C:\WINDOWS\system32\Uharc.exe
C:\WINDOWS\system32\swhnnrtc.dll
C:\WINDOWS\Installer\{DE924549-737F-444E-A60A-E8480BD5F5AB}\callmsi.exe
C:\WINDOWS\Installer\{DE924549-737F-444E-A60A-E8480BD5F5AB}\egui.exe
C:\WINDOWS\Temp\Perflib_Perfdata_99c.dat

Folders to delete:
C:\WINDOWS\system32\fibagbia
C:\Program Files\Mwopmike
C:\Program Files\kfkninwv
C:\SILENCE_OF_THE_LAMBS
C:\Program Files\ViOrb
C:\WINDOWS\system32\VIRepair
C:\Documents and Settings\Honza\WLSCompanion
C:\VTPFiles
C:\Shoty
C:\Program Files\ScreenShots
C:\Program Files\Dassault Systemes


Registry values to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run | 883de620

Registry values to replace with dummy:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows | AppInit_DLLs
If you know and use any folder listed under Folders to delete, remove it from the Avenger window. Those folders look more than suspicious to me, and if you don't know what they are, leave them in and let the program delete them.


After you have run Avenger, restart the computer into safe mode, open Notepad and copy this whole text into it:
File::
C:\WINDOWS\system32\tpfnafbp.dll
C:\WINDOWS\system32\khffecd.dll

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0b699c92-7cbf-4151-ab01-620c366f8bee}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
Choose Save As, name the file CFScript.txt and select Save as type: All Files. Save the file to the desktop.
Drag the created CFScript.txt script with the mouse onto the downloaded ComboFix.exe and, when the two files overlap, drop the script.

[Image]

ComboFix will start automatically; post here the log that appears at the end of the cleaning process.

Post a HijackThis log here as well.
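As an added example (my own code, not BUBINO's script or any tool used in this thread), here is the triage VirtumundoBeGone logged above, carried out offline over HijackThis O2 lines: a BHO with no default name whose DLL stem has a twin key under Winlogon\Notify, plus HijackThis's own "(file missing)" orphan marker. The sample input is constructed from the logs posted in this thread, and the "random-looking DLL name" check is an assumption of mine, not a rule of either tool.

```python
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Constructed sample input: HijackThis O2 lines copied from the thread, plus a
# "(no name)" entry for khffecd.dll as VirtumundoBeGone saw it before the rename.
HJT_SAMPLE = """\
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\\Program Files\\Adobe\\Acrobat 7.0\\ActiveX\\AcroIEHelper.dll
O2 - BHO: {eeb8f663-c026-10ba-1514-fbc729c996b0} - {0b699c92-7cbf-4151-ab01-620c366f8bee} - C:\\WINDOWS\\system32\\tpfnafbp.dll (file missing)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\\PROGRA~1\\Crawler\\Toolbar\\ctbr.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\\Program Files\\Mwopmike\\wsklvplp.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\\PROGRA~1\\SPYBOT~1\\SDHelper.dll
O2 - BHO: (no name) - {E0B54BEC-9209-4B5D-94E5-A8906DE18FFB} - C:\\WINDOWS\\system32\\khffecd.dll
"""

# Constructed sample: ComboFix "Reg Loading Points" lines from the thread, plus
# the Winlogon\Notify\khffecd key that VirtumundoBeGone reported and removed.
REG_SAMPLE = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\OneCard]
C:\\Program Files\\ASUS Security Center\\ASUS Security Protect Manager\\Bin\\ASWLNPkg.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\winjvd32]
winjvd32.dll
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows nt\\currentversion\\winlogon\\notify\\khffecd]
khffecd.dll
"""

# HijackThis O2 format: "O2 - BHO: <name> - {CLSID} - <path>[ (file missing)]"
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?\s*$"
)
# ComboFix prints each Winlogon\Notify subkey as a bracketed registry path.
NOTIFY_RE = re.compile(r"\\winlogon\\notify\\(?P<key>[^\\\]]+)\]\s*$", re.IGNORECASE)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f-]{36}\}$")
# Assumption (mine, not a rule of either tool): the Vundo DLLs in this thread are
# 7-8 random lowercase letters; the legitimate nameless BHOs (ctbr.dll, SDHelper.dll) are not.
RANDOM_DLL_RE = re.compile(r"^[a-z]{7,8}\.dll$")


@dataclass
class Bho:
    name: str
    clsid: str
    path: str
    file_missing: bool
    flags: list[str] = field(default_factory=list)

    @property
    def dll_stem(self) -> str:
        # "C:\WINDOWS\system32\khffecd.dll" -> "khffecd": the name that
        # VirtumundoBeGone looks up under HKLM\...\Winlogon\Notify.
        return PureWindowsPath(self.path).stem.lower()


def parse_hjt_bhos(text: str) -> list[Bho]:
    bhos = []
    for line in text.splitlines():
        m = O2_RE.match(line)
        if m:
            bhos.append(Bho(m["name"], m["clsid"], m["path"], m["missing"] is not None))
    return bhos


def parse_winlogon_notify(text: str) -> set[str]:
    keys = set()
    for line in text.splitlines():
        m = NOTIFY_RE.search(line)
        if m:
            keys.add(m["key"].lower())
    return keys


def assess(bhos: list[Bho], notify_keys: set[str]) -> list[Bho]:
    for b in bhos:
        dll = PureWindowsPath(b.path).name
        # VirtumundoBeGone's "WARNING: BHO has no default name"; a GUID used as
        # the display name (tpfnafbp.dll above) is treated the same way.
        if b.name == "(no name)" or GUID_RE.match(b.name):
            b.flags.append("no-default-name")
        if b.file_missing:
            b.flags.append("file-missing")  # orphaned CLSID, DLL already gone
        if b.dll_stem in notify_keys:
            b.flags.append("winlogon-notify-twin")  # the Virtumundo signature
        if RANDOM_DLL_RE.match(dll):
            b.flags.append("random-looking-dll")
    return bhos


def suspicious(bhos: list[Bho]) -> list[Bho]:
    """A nameless BHO alone is not evidence (Spybot's SDHelper.dll has no name);
    it needs a Winlogon twin, a missing file, or a random-looking DLL name too."""
    out = []
    for b in bhos:
        f = set(b.flags)
        if ("winlogon-notify-twin" in f or "file-missing" in f
                or {"no-default-name", "random-looking-dll"} <= f):
            out.append(b)
    return out


def triage(hjt_text: str, reg_text: str) -> list[Bho]:
    return suspicious(assess(parse_hjt_bhos(hjt_text), parse_winlogon_notify(reg_text)))
```

On the sample, `triage(HJT_SAMPLE, REG_SAMPLE)` returns the three CLSIDs BUBINO targets in his scripts and leaves the Crawler and Spybot entries alone.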
honzahkj
Newbie
Registered: 17 Nov 2007

Post by honzahkj »

Hello,
I downloaded Avenger and did everything according to the instructions (it took an insanely long time).
Then I created CFScript.txt, went into safe mode and it told me this:
"Current date is 2007-11-18. This copy of ComboFix has expired.Please download an updated copy."
So I tried to download some other version and it keeps giving the same thing. So I can't finish the second part. What should I do about it?
Thanks
BUBINO
Beginner
Registered: 12 Jun 2007
Location: Got one

Post by BUBINO »

I don't know why there should be a problem with that. You can also download Combo from here: http://www.programosy.pl/program,combofix.html
There is the floppy-disk icon there.
If that doesn't work, I have made you a script.

Copy the following into Notepad:
@echo off
REM Build a REGEDIT4 file that removes the two orphaned BHO CLSIDs and the
REM Winlogon\Notify\winjvd32 entry. ComboFix's "~" shorthand from the log is
REM expanded to the full Explorer key path so that reg.exe can resolve it.
>>fixtools5.reg (
echo REGEDIT4
echo.
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0b699c92-7cbf-4151-ab01-620c366f8bee}]
echo [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{200D0AAD-71B1-51C9-DDB0-092BA4662A54}]
echo [-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winjvd32]
)
reg import fixtools5.reg
REM Fallback through ComboFix's bundled swreg; silently ignored if it is not present.
apps\swreg import fixtools5.reg >NUL 2>&1
del /q fixtools*.reg
REM Remove the Vundo DLLs; if they are locked, run this from safe mode.
del C:\WINDOWS\system32\tpfnafbp.dll /q
del C:\WINDOWS\system32\khffecd.dll /q
Save it to the desktop as All Files and name it FixTools.bat. Double-click it.
The file will run and that's it. It is possible the files will resist; in that case run FixTools.bat in safe mode. Then post a ComboFix log here.
honzahkj
Newbie
Registered: 17 Nov 2007

Post by honzahkj »

So Combo simply doesn't work... even after downloading from your link it prints the same message. Both from safe mode and from normal mode. So I created FixTools.bat and ran it both in normal mode and in safe mode. A window flashed by... so I hope everything went through.
So I'm sending the log from HijackThis, because Combo gives up.....
thanks

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 18:43:20, on 18.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Labtec NumPad\Magickey.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Honza\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: {eeb8f663-c026-10ba-1514-fbc729c996b0} - {0b699c92-7cbf-4151-ab01-620c366f8bee} - C:\WINDOWS\system32\tpfnafbp.dll (file missing)
O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Mwopmike\wsklvplp.dll (file missing)
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &Crawler Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [883de620] rundll32.exe "C:\WINDOWS\system32\swhnnrtc.dll",b
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S2F25.tmp" /EF "HKCU"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Enable Labtec NumPad.lnk = C:\Program Files\Labtec NumPad\Magickey.exe
O4 - Global Startup: Power4 Gear (2).lnk = ?
O8 - Extra context menu item: Crawler Search - tbr:iemenu
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Crawler\Toolbar\ctbr.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

OK, let's proceed as follows. Fix these in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: {eeb8f663-c026-10ba-1514-fbc729c996b0} - {0b699c92-7cbf-4151-ab01-620c366f8bee} - C:\WINDOWS\system32\tpfnafbp.dll (file missing)
O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Mwopmike\wsklvplp.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [883de620] rundll32.exe "C:\WINDOWS\system32\swhnnrtc.dll",b

Test this on virustotal.com. Upload it, that's all. Post the results here. And I'd like to know whether you recognise it.
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
It looks suspicious to me.

If you don't use YAHOO, uninstall it completely.

If you don't use Spyware Terminator, uninstall the Crawler toolbar and delete its whole folder.

Put this into Avenger:
Files to delete:
C:\WINDOWS\system32\swhnnrtc.dll
Run this program, SDFix, following the guide: http://www.viry.cz/forum/viewtopic.php?t=40395
If your internet connection should happen to get reset, use this program:
http://www.spyware.cz/go.php?p=spyware&t=aplikace&id=22

Post its log, a new HJT log, the VirusTotal information and the answers to my questions here.
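A triage script for log lines of this kind, added here as an example and not part of the thread or of HijackThis itself; its rules (orphaned BHO, bare-CLSID BHO name, hex-named Run value, rundll32 loading an eight-letter low-vowel DLL, autorun from a Temp folder, service with "Unknown owner") are heuristics chosen for the example, and the sample lines are constructed from entries discussed in this thread.

```python
"""Triage helper for HijackThis v1.99 log lines.

Added example, not a tool from this thread or from the HijackThis project.
It encodes the reasoning a helper applies when reading such a log: BHO
registrations whose DLL is gone, rundll32 autoruns loading oddly named DLLs,
autoruns started from a Temp folder, and services with no publisher string.
The thresholds are heuristics chosen here, not HijackThis rules.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a handful of lines of the kind seen in the logs above.
SAMPLE_LOG = [
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: {eeb8f663-c026-10ba-1514-fbc729c996b0} - {0b699c92-7cbf-4151-ab01-620c366f8bee} - C:\WINDOWS\system32\tpfnafbp.dll (file missing)",
    r"O2 - BHO: (no name) - {200D0AAD-71B1-51C9-DDB0-092BA4662A54} - C:\Program Files\Mwopmike\wsklvplp.dll (file missing)",
    r'O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot',
    r'O4 - HKLM\..\Run: [883de620] rundll32.exe "C:\WINDOWS\system32\swhnnrtc.dll",b',
    r'O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\WINDOWS\Temp\CTun.exe" "/remove"',
    r"O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe",
    r"O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe",
    r"O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe",
]

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"',]+")          # first Windows path in the line
KEY_RE = re.compile(r"\[([^\]]+)\]")                  # [RunValueName]
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
VOWELS = set("aeiouy")


@dataclass
class Finding:
    section: str
    line: str
    reasons: List[str] = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Eight lowercase letters with at most one vowel, as in swhnnrtc or
    tpfnafbp. Heuristic only: product names rarely look like this, but the
    check alone is never proof of malware."""
    return bool(re.fullmatch(r"[a-z]{8}", stem)) and sum(c in VOWELS for c in stem) <= 1


def file_stem(path: str) -> str:
    """'C:\\x\\swhnnrtc.dll (file missing)' -> 'swhnnrtc'."""
    name = path.replace("(file missing)", "").strip().rsplit("\\", 1)[-1]
    return name.rsplit(".", 1)[0].lower()


def triage_line(line: str) -> Optional[Finding]:
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    path_m = PATH_RE.search(body)
    path = path_m.group(0) if path_m else ""
    stem = file_stem(path)
    reasons: List[str] = []

    if section == "O2":  # Browser Helper Objects loaded into Internet Explorer
        if "(file missing)" in body:
            reasons.append("BHO registration whose DLL is gone: orphaned entry, fix it")
        name = body.split(" - ", 1)[0]
        name = name[len("BHO: "):].strip() if name.startswith("BHO: ") else name.strip()
        if CLSID_RE.fullmatch(name):
            reasons.append("BHO registered under a bare CLSID instead of a product name")
        if looks_random(stem):
            reasons.append(f"random-looking DLL name '{stem}'")

    elif section == "O4":  # autorun entries (Run keys, Startup folders)
        key_m = KEY_RE.search(body)
        key = key_m.group(1) if key_m else ""
        if re.fullmatch(r"[0-9a-f]{8}", key):
            reasons.append(f"Run value named like a hex token '{key}'")
        if "rundll32" in body.lower() and looks_random(stem):
            reasons.append(f"rundll32 loads random-looking DLL '{stem}'")
        if "\\temp\\" in path.lower():
            reasons.append("autorun launched from a Temp directory")

    elif section == "O23":  # installed services
        if " - Unknown owner - " in body:
            reasons.append("service with no publisher string: verify the binary (e.g. on VirusTotal)")

    return Finding(section, line.strip(), reasons) if reasons else None


def triage(lines) -> List[Finding]:
    """Return a Finding for every suspicious line, in log order."""
    return [f for f in (triage_line(ln) for ln in lines) if f]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print("   ->", r)
```

Lines that pass every rule (the GtFlashSwitch service here) are not cleared by this; they are exactly the ones a helper sends to a multi-engine scan, as done in this thread.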
honzahkj
Newbie
Registered: 17 Nov 2007

Post by honzahkj »

Hello,
I've done everything:
SDFix log:

SDFix: Version 1.114

Run by Administrator on ne 18.11.2007 at 21:33

Microsoft Windows XP [Verze 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

No Trojan Files Found




Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1262.1 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-18 21:40:06
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:2df9c43f
"s2"=dword:110480d0
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:bd,ee,71,ca,73,39,38,23,5a,d5,df,1c,e7,df,70,4b,5c,0e,99,a4,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8b,a1,be,95,a0,cc,c6,ee,07,b3,2b,89,cd,e6,79,9e,9d,..
"khjeh"=hex:a2,65,1d,fd,0a,d7,f2,79,3b,fb,9c,ea,0c,3c,34,35,e0,7b,1b,50,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:92,83,92,e5,f4,7f,fc,c6,e1,63,b0,5b,02,d2,e4,4f,54,6b,42,f0,0b,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"p0"="C:\Program Files\DAEMON Tools\"
"h0"=dword:00000000
"khjeh"=hex:bd,ee,71,ca,73,39,38,23,5a,d5,df,1c,e7,df,70,4b,5c,0e,99,a4,54,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"a0"=hex:20,01,00,00,8b,a1,be,95,a0,cc,c6,ee,07,b3,2b,89,cd,e6,79,9e,9d,..
"khjeh"=hex:a2,65,1d,fd,0a,d7,f2,79,3b,fb,9c,ea,0c,3c,34,35,e0,7b,1b,50,dd,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:92,83,92,e5,f4,7f,fc,c6,e1,63,b0,5b,02,d2,e4,4f,54,6b,42,f0,0b,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\Cursors\Schemes]
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?"="C:\WINDOWS\cursors\arrow_r.cur,C:\WINDOWS\cursors\help_r.cur,C:\WINDOWS\cursors\wait_r.cur,C:\WINDOWS\cursors\busy_r.cur,C:\WINDOWS\cursors\cross_r.cur,C:\WINDOWS\cursors\beam_r.cur,C:\WINDOWS\cursors\pen_r.cur,C:\WINDOWS\cursors\no_r.cur,C:\WINDOWS\cursors\size4_r.cur,C:\WINDOWS\cursors\size3_r.cur,C:\WINDOWS\cursors\size2_r.cur,C:\WINDOWS\cursors\size1_r.cur,C:\WINDOWS\cursors\move_r.cur,C:\WINDOWS\cursors\up_r.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?v?e?l?k?\xe9?)?"="C:\WINDOWS\cursors\arrow_rm.cur,C:\WINDOWS\cursors\help_rm.cur,C:\WINDOWS\cursors\wait_rm.cur,C:\WINDOWS\cursors\busy_rm.cur,C:\WINDOWS\cursors\cross_rm.cur,C:\WINDOWS\cursors\beam_rm.cur,C:\WINDOWS\cursors\pen_rm.cur,C:\WINDOWS\cursors\no_rm.cur,C:\WINDOWS\cursors\size4_rm.cur,C:\WINDOWS\cursors\size3_rm.cur,C:\WINDOWS\cursors\size2_rm.cur,C:\WINDOWS\cursors\size1_rm.cur,C:\WINDOWS\cursors\move_rm.cur,C:\WINDOWS\cursors\up_rm.cur"
"\f\1e?r?n?\xe9? ?u?k?a?z?a?t?e?l?e? ?(?n?e?j?v?\e\1t?a\1\xed?)?"="C:\WINDOWS\cursors\arrow_rl.cur,C:\WINDOWS\cursors\help_rl.cur,C:\WINDOWS\cursors\wait_rl.cur,C:\WINDOWS\cursors\busy_rl.cur,C:\WINDOWS\cursors\cross_rl.cur,C:\WINDOWS\cursors\beam_rl.cur,C:\WINDOWS\cursors\pen_rl.cur,C:\WINDOWS\cursors\no_rl.cur,C:\WINDOWS\cursors\size4_rl.cur,C:\WINDOWS\cursors\size3_rl.cur,C:\WINDOWS\cursors\size2_rl.cur,C:\WINDOWS\cursors\size1_rl.cur,C:\WINDOWS\cursors\move_rl.cur,C:\WINDOWS\cursors\up_rl.cur"

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------


Files with Hidden Attributes:

Wed 3 May 2006 163,328 A.SHR --- "C:\WINDOWS\system32\flvDX.dll"
Wed 21 Feb 2007 31,232 A.SHR --- "C:\WINDOWS\system32\msfDX.dll"
Fri 8 Jun 2007 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Dec 2004 76,568 ..SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\Setup.exe"
Thu 13 Jan 2005 11,360 A.SHR --- "C:\Program Files\Autodesk\Autodesk DWF Viewer\_Setupx.dll"
Sun 26 Jun 2005 616,448 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygwin1.dll"
Tue 21 Jun 2005 45,568 ..SHR --- "C:\Program Files\eRightSoft\SUPER\cygz.dll"
Sun 19 Aug 2007 72,704 ..SHR --- "C:\Program Files\eRightSoft\SUPER\Setup.exe"
Fri 27 Oct 2006 15,360 A.SHR --- "C:\Program Files\eRightSoft\SUPER\_Setup.dll"
Sun 17 Nov 2002 33,792 A..H. --- "C:\Honza\çkola\Od Jirky\CVUT FSI II\~WRL0001.tmp"
Mon 23 Jun 2003 64,512 A..H. --- "C:\Honza\çkola\Od Jirky\CVUT FSI II\~WRL0002.tmp"
Mon 26 May 2003 36,352 A..H. --- "C:\Honza\çkola\Od Jirky\CVUT FSI II\~WRL0005.tmp"
Wed 12 Feb 2003 23,040 A..H. --- "C:\Honza\çkola\Od Jirky\CVUT FSI II\~WRL1925.tmp"
Sun 1 Dec 2002 19,968 A..H. --- "C:\Honza\çkola\Od Jirky\CVUT FSI II\~WRL3054.tmp"
Mon 27 Jan 2003 19,456 A..H. --- "C:\Honza\çkola\Od Jirky\CVUT FSI II\~WRL3814.tmp"
Tue 4 Jun 2002 84,992 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\14_43260.dll"
Tue 4 Jun 2002 44,032 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\28_83260.dll"
Tue 10 Dec 2002 73,766 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\atrc3260.dll"
Tue 10 Dec 2002 65,575 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\cook3260.dll"
Sun 9 Jun 2002 36,864 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ddnt3260.dll"
Tue 4 Jun 2002 20,480 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dnet3260.dll"
Tue 10 Dec 2002 102,437 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv13260.dll"
Tue 10 Dec 2002 176,165 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv23260.dll"
Tue 10 Dec 2002 208,935 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv33260.dll"
Tue 10 Dec 2002 217,127 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\drv43260.dll"
Sun 9 Jun 2002 40,448 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\dspr3260.dll"
Sat 3 Nov 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\ivvideo.dll"
Tue 10 Apr 2001 225,280 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\qtmlClient.dll"
Fri 20 Feb 2004 232,960 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\raac.dll"
Sun 9 Jun 2002 525,824 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnco3260.dll"
Tue 10 Dec 2002 245,805 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rnlt3260.dll"
Tue 10 Dec 2002 45,093 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv103260.dll"
Tue 10 Dec 2002 98,341 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv203260.dll"
Tue 10 Dec 2002 94,247 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv303260.dll"
Tue 10 Dec 2002 90,151 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\rv403260.dll"
Tue 10 Dec 2002 102,439 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\sipr3260.dll"
Sun 9 Jun 2002 49,152 ...HR --- "C:\Program Files\eRightSoft\SUPER\mencoder\tokr3260.dll"
Wed 14 Nov 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\6e75856c6efd762fe9068b5aa0da3bd6\BIT5D8.tmp"
Sun 15 Feb 2004 80,896 A..H. --- "C:\Honza\çkola\Od Jirky\CVUT FSI II\cms1\~WRL3158.tmp"
Mon 31 May 2004 21,504 A..H. --- "C:\Honza\çkola\Od Jirky\CVUT FSI II\mep\~WRL0838.tmp"
Mon 31 May 2004 26,112 A..H. --- "C:\Honza\çkola\Od Jirky\CVUT FSI II\mep\~WRL3730.tmp"
Tue 25 Apr 2006 588,800 A..H. --- "C:\Honza\çkola\Od Jirky\FSI V\PVS\~WRL4050.tmp"
Tue 24 May 2005 104,448 A..H. --- "C:\Honza\çkola\Od Jirky\¬VUT FSI IV\FM\~WRL3408.tmp"

Finished!


HJT log:



Logfile of HijackThis v1.99.1
Scan saved at 21:52:42, on 18.11.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\AsGHost.exe
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\UMonit.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Labtec NumPad\Magickey.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Honza\Plocha\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: ASUS Security Protect Manager - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ItIEAddIn.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\ASUSSE~1\ASUSSE~1\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\WINDOWS\Temp\CTun.exe" "/remove"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\WINDOWS\TEMP\E_S2F25.tmp" /EF "HKCU"
O4 - Startup: Yahoo! Widget Engine.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgetEngine.exe
O4 - Global Startup: Enable Labtec NumPad.lnk = C:\Program Files\Labtec NumPad\Magickey.exe
O4 - Global Startup: Power4 Gear (2).lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Převést cíl vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést cíl vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Převést vybrané vazby do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Převést vybrané vazby do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Převést výběr do Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Převést výběr do existujícího PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: ASUS Security Protect Manager e-Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra 'Tools' menuitem: ASUS Security Protect Manager e-&Wallet - {1009C944-97D5-44A9-9E32-DFF54F498968} - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWallet.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: OneCard - C:\Program Files\ASUS Security Center\ASUS Security Protect Manager\Bin\ASWLNPkg.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Unknown owner - C:\Program Files\Dassault Systemes\B17\intel_a\code\bin\CATSysDemon.exe" -service (file missing)
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: GtFlashSwitch - OptionNV - C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Ansys JobManager Service V11 (JobManagerService110) - Ansys, Inc - C:\Program Files\ANSYS Inc\v110\RSM\bin\JobManagerService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Ansys ScriptHost Service V11 (ScriptHostService110) - Ansys, Inc. - C:\Program Files\ANSYS Inc\v110\RSM\bin\ScriptHostService.exe


VirusTotal info:

Soubor GtFlashSwitch.exe přijatý 2007.11.18 21:10:18 (CET)
Antivirus Verze Poslední aktualizace Výsledek
AhnLab-V3 2007.11.17.0 2007.11.16 -
AntiVir 7.6.0.34 2007.11.16 -
Authentium 4.93.8 2007.11.17 -
Avast 4.7.1074.0 2007.11.18 -
AVG 7.5.0.503 2007.11.18 -
BitDefender 7.2 2007.11.18 -
CAT-QuickHeal 9.00 2007.11.17 -
ClamAV 0.91.2 2007.11.18 -
DrWeb 4.44.0.09170 2007.11.18 -
eSafe 7.0.15.0 2007.11.14 -
eTrust-Vet 31.2.5304 2007.11.17 -
Ewido 4.0 2007.11.18 -
FileAdvisor 1 2007.11.18 -
Fortinet 3.11.0.0 2007.11.18 -
F-Prot 4.4.2.54 2007.11.18 -
F-Secure 6.70.13030.0 2007.11.18 -
Ikarus T3.1.1.12 2007.11.18 -
Kaspersky 7.0.0.125 2007.11.18 -
McAfee 5165 2007.11.16 -
Microsoft 1.3007 2007.11.18 -
NOD32v2 2665 2007.11.17 -
Norman 5.80.02 2007.11.16 -
Panda 9.0.0.4 2007.11.18 -
Prevx1 V2 2007.11.18 Heuristic: Suspicious File With Bad Parent Associations
Rising 20.18.61.00 2007.11.18 -
Sophos 4.23.0 2007.11.18 -
Sunbelt 2.2.907.0 2007.11.17 -
Symantec 10 2007.11.18 -
TheHacker 6.2.9.133 2007.11.17 -
VBA32 3.12.2.5 2007.11.16 -
VirusBuster 4.3.26:9 2007.11.18 -
Webwasher-Gateway 6.0.1 2007.11.18 -
Rozšiřující informace
File size: 176128 bytes
MD5: d47cbe7ecdf9c048f674df2da9943422
SHA1: 59c51ba3e52137ed2ff949cdd837e08eed8df773
Prevx info: http://fileinfo.prevx.com/fileinfo.asp? ... 0061270334


Those youtube folders, I use Konfabulator from them (clock etc.). Then I deleted Spyware Terminator completely. Avenger couldn't delete that swhnnrtc.dll, shouldn't I run it in safe mode too?
On VirusTotal nothing reported anything except one. The computer has sped up considerably... I'd say it's now running at about 80% of its original speed. Startup is completely fine now. But in Windows, Firefox for example seems to take too long to start... So I don't know, if you still see some junk in there... I'd like to finish this off... thanks for everything... really..
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

One more thing :-)
Does Combo work?

Fix this:
O4 - HKLM\..\Run: [Uninstall_CToolbar] "C:\WINDOWS\Temp\CTun.exe" "/remove"

Put this into Avenger:
Files to delete:
C:\WINDOWS\Temp\CTun.exe
Could you please post the log from the previous Avenger run, the one you say didn't delete it? Then do the above and post a new log here.

You said VirusTotal reported a virus on one of them. Could you post which one?

Do you recognise this:
C:\Program Files\Common Files\GtFlashSwitch\GtFlashSwitch.exe
honzahkj
Newbie
Registered: 17 Nov 2007

Post by honzahkj »

Combo still doesn't work,
it reports the message mentioned above.
......I fixed CTun.exe.

Here is the previous Avenger log:
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\vctlcgda

*******************

Script file located at: \??\C:\WINDOWS\gxiyeiir.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\system32\swhnnrtc.dll not found!
Deletion of file C:\WINDOWS\system32\swhnnrtc.dll failed!

Could not process line:
C:\WINDOWS\system32\swhnnrtc.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.



That GtFlashSwitch.exe doesn't mean anything to me.
VirusTotal reported: Prevx1 V2 2007.11.18 Heuristic: Suspicious File With Bad Parent Associations


I'll send the log from the new Avenger run in a moment
honzahkj
Newbie
Registered: 17 Nov 2007

Post by honzahkj »

here is the new Avenger log

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\reidygpv

*******************

Script file located at: \??\C:\Program Files\qxrrr^ja.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\WINDOWS\Temp\CTun.exe not found!
Deletion of file C:\WINDOWS\Temp\CTun.exe failed!

Could not process line:
C:\WINDOWS\Temp\CTun.exe
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
BUBINO
Beginner
Registered: 12 Jun 2007
Location: I have one

Post by BUBINO »

A ComboFix log would be useful to me. :( Also do the following, and hopefully it's the last step.

Also clean the computer with CCleaner http://www.viry.cz/forum/viewtopic.php?t=7478/

Post a HijackThis log here. If you want to be sure you are already virus-free, run mwav following the guide: http://www.viry.cz/forum/viewtopic.php?t=4097
Turn off System Restore, let the scan run, and after the scan paste the log from the lower window here.