Internetove Stranky (VYŘEŠENO)

Vlastik, 6 Leden, 2008

Internet, web a komunikace

Ahojte, mam tu problem, ktery me uz zacina srat. :o Kdykoliv kdyz napisu do vyhledavace nejake slovo treba "hodinky" najde mi to seznam nalezenych stranek. To je zatim v poradku. Az do te doby nez na nektery z tech odkazu kliknete. Misto toho. aby se mi zobrazila stranka napr. www.hodinky.cz objevi se toto: http://tvhacker.com/hodinky.cfm?pt=2&rpt=1&kt=1. Driv se mi tohle neobjevovalo a nechci, aby se to objevovalo. Melo by se proste rovnou prejit na stanku, ktera je tam napsana - tzn. hodinky.cz. Tak premyslejte cim to je. DIKY

[15535] Internetove Stranky (*VYŘEŠENO*)

Dne 6 Leden, 2008 Honza komentuje:

Dobry den,
tato stranky se objeví vždy? Pro začatek co mate za antivir spyware atd? Protože to vypada, že máte v pc havět asi nějaky tracker zřejmě, projedte pc svým antivirem, zapněte firewall, použijte návod z našeho webu - vyčištění pc.

[15536] Internetove Stranky (*VYŘEŠENO*)

Dne 6 Leden, 2008 Vlastik komentuje:

Takova nejaka stranka se objevi s nejvetsi pravdepodobnosti vzdy kdyz kliknu na nejaky odkaz co mi najde vyhledavac. A mam SpyBot S&D, pak Ad-Aware SE Personal a tento program mi uz po nekolikate nasel WinZix, ktery mel nejvetsi stupen nebezpecnosti a vzdy kdyz jsem ho smazal, tak jsem po opetovnem zapnutio pc spustil Ad-Aware a byl tam zas. To bude asi jim. Hajzl jeden :-? No jeste mam avast, ale ten neni moc dobry ja vim, no ostatni jsou placene. Jo a jeste tam mam Kerio Personal Firewall, ale uz s proslou licencni dobou tzn. program se mi sam prepl do omezene verze.

[15537] Internetove Stranky (*VYŘEŠENO*)

Dne 6 Leden, 2008 Jiří Molnár komentuje:

Doporučený postup:
Hoďte nám sem LOG z Hijackthisu (jak použít program se píše například zde: http://www.pcporadenstvi.cz/node/6622
Za druhé mi sem napište název toho spywaru, který vás tíží.

[15538] Internetove Stranky (*VYŘEŠENO*)

Dne 7 Leden, 2008 Vlastik komentuje:

Logfile of HijackThis v1.99.1
Scan saved at 7:32:16, on 7.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Avast4\aswUpdSv.exe
C:\Program Files\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Avast4\ashMaiSv.exe
C:\Program Files\Avast4\ashWebSv.exe
C:\Program Files\Kerio Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio Personal Firewall\kpf4gui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\PROGRA~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\mHotkey.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\Documents and Settings\Vlastik\Plocha\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O1 - Hosts: 121.128.133.26 gwgt1.joymax.com
O1 - Hosts: 121.128.133.27 gwgt1.joymax.com
O1 - Hosts: 82.208.58.96 l2authd.lineage2.com
O1 - Hosts: 82.208.58.96 l2testauthd.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [User Enc Proc Curb] C:\Documents and Settings\All Users\Data aplikací\bias grim user enc\gram bike.exe
O4 - HKCU\..\Run: [grim ace] C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1\SaveNoun.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E796E46D-7D4F-4EA0-8C07-551DD7256612}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Ale nevim zda-li me jeste ten WinZix jeste trapi. Dneska jsem spustil Ad-Aware SE a uz tam nebyl. Ani v Spy Bot nebyl, avsak stranky posrane se objevuji porad. Neslo by treba naistalovat nejaky doplnek do Mozily, ktery by zabranil vyskakovani tech zasranych oken ?

[15539] Internetove Stranky (*VYŘEŠENO*)

Dne 8 Leden, 2008 Vlastik komentuje:

Jo a jeste dotaz: Kdyz mi vyskakuji okna nejake reklamy, jak se jich mam zbavit ? Zacina me to pekne srat. Jsou to stranky typu bonprix, 4home a takove.

[15540] Internetove Stranky (*VYŘEŠENO*)

Dne 8 Leden, 2008 Diallix komentuje:

Je to jasne!

Toto v programe fixnite:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
O1 - Hosts: 121.128.133.26 gwgt1.joymax.com
O1 - Hosts: 121.128.133.27 gwgt1.joymax.com
O1 - Hosts: 82.208.58.96 l2authd.lineage2.com
O1 - Hosts: 82.208.58.96 l2testauthd.lineage2.com
O4 - HKLM\..\Run: [User Enc Proc Curb] C:\Documents and Settings\All Users\Data aplikací\bias grim user enc\gram bike.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{E796E46D-7D4F-4EA0-8C07-551DD7256612}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.22
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222

Je mozne, ze ak fixnete tie O17, tak vam znemozni net.V takom pripade nastavte vsetky udaje vasho providera ako Lan, IP, atd. Tie hodnoty tam dal smejd.

[15541] Internetove Stranky (*VYŘEŠENO*)

Dne 9 Leden, 2008 Vlastik komentuje:

Kdyz mi vyskakuji okna nejake reklamy, jak se jich mam zbavit ? Neslo by treba naistalovat nejaky doplnek do Mozily, ktery by zabranil vyskakovani tech zasranych oken ?

[15542] Internetove Stranky (*VYŘEŠENO*)

Dne 9 Leden, 2008 Diallix komentuje:

Mate tam tie O1.To vam robia tie a nakazu Wareout.Urobte to, co som vam napisal a nebude vam vyskakovat nic.

[15543] Internetove Stranky (*VYŘEŠENO*)

Dne 9 Leden, 2008 Vlastik komentuje:

Me se ale zda ze to O1 jsou hosty k servrum od Lineage a ted jsem na jinem servru a uz tam nemam ty 3 O1 ale jen tohle : O1 - Hosts: 208.109.206.98 L2authd.Lineage2.com a kdybych to smazal tak smazu to co je v hostovi a nemoh bych se pripojit na lineage 2. Tak nevim jestli je to tim. Ostatni jsem vymazal.

[15544] Internetove Stranky (*VYŘEŠENO*)

Dne 9 Leden, 2008 Diallix komentuje:

Mozete sem dat novy log ?

[15545] Internetove Stranky (*VYŘEŠENO*)

Dne 9 Leden, 2008 Vlastik komentuje:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 208.109.206.98 L2authd.Lineage2.com TOTO JSEM MYSLEM !
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKCU\..\Run: [grim ace] C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1\SaveNoun.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

[15546] Internetove Stranky (*VYŘEŠENO*)

Dne 9 Leden, 2008 Diallix komentuje:

Log neni cely.

Toto poznate?
C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1\SaveNoun.exe

Dajte tu novy log a urobte log z ComboFixu:

Quote:

stahnete a ulozte na plochu

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, stisknete klavesu 1 pro pokracovani

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), postupujte dle pokynu na obrazovce, behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate Spyware Terminator, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze se pri skenu Combofix pokousi infikovane soubory smazat a Spyware Terminator tomu muze branit

po restartu aplikace vytvori log, ulozeny na C:/Combofix.txt (pri opakovanem pouziti jsou logy oznaceny Combofix2.txt atd.), jeho obsah vlozte sem

[15547] Internetove Stranky (*VYŘEŠENO*)

Dne 10 Leden, 2008 Vlastik komentuje:

ComboFix 08-01-09.2 - Vlastik 2008-01-10 13:56:43.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.217 [GMT 1:00]
Running from: C:\Documents and Settings\Vlastik\Plocha\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\kdzrb.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-10 13:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 13:47 . 2008-01-10 13:47 <DIR> d-------- C:\Program Files\Glue mess peak
2008-01-10 08:00 . 2008-01-10 08:03 <DIR> d-------- C:\Program Files\BitLord
2008-01-08 17:43 . 2008-01-08 17:43 443 --a------ C:\WINDOWS\system32\system32.lnk
2008-01-04 14:52 . 2008-01-04 15:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-03 21:14 . 2008-01-03 21:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-03 19:20 . 2008-01-03 19:20 311 --a------ C:\WINDOWS\SWFConverter.INI
2008-01-02 16:46 . 2008-01-02 16:46 <DIR> d-------- C:\Program Files\VLC
2007-12-31 14:26 . 2007-12-31 14:26 54,948 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-30 21:25 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-12-30 21:25 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-12-30 21:25 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-12-30 21:25 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2007-12-30 21:25 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-12-30 21:25 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-12-30 21:19 . 2007-12-30 21:19 <DIR> d-------- C:\Documents and Settings\Vlastik\Incomplete
2007-12-30 18:14 . 2007-12-31 12:21 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 20:53 . 2007-12-27 21:05 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-27 10:37 . 2007-12-27 10:37 <DIR> d-------- C:\Program Files\Google
2007-12-25 13:50 . 2007-12-25 13:57 <DIR> d-------- C:\Documents and Settings\Vlastik\Contacts
2007-12-25 13:49 . 2007-12-25 13:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 13:48 . 2007-12-30 18:14 <DIR> d-------- C:\Program Files\Windows Live
2007-12-23 16:24 . 2007-10-05 15:33 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2007-12-16 20:15 . 2007-12-28 19:57 247 --a------ C:\WINDOWS\wcx_ftp.ini
2007-12-16 20:00 . 2007-12-16 20:00 <DIR> d-------- C:\Program Files\Common Files\Vbox
2007-12-16 05:54 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2007-12-16 05:54 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 12:28 589 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-08 19:54 --------- d-----w C:\Program Files\L2Informer
2008-01-03 20:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-27 20:23 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-25 17:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 18:44 --------- d-----w C:\Program Files\JetAudio
2007-12-24 18:31 --------- d-----w C:\Program Files\Common Files\COWON
2007-12-16 14:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-10 06:39 --------- d-----w C:\Program Files\Avast4
2007-12-05 17:59 --------- d-----w C:\Program Files\KYE
2007-12-05 17:49 --------- d-----w C:\Program Files\Realtek AC97
2007-12-04 20:43 --------- d-----w C:\Program Files\LG Ovladač
2007-12-04 19:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-04 19:51 --------- d-----w C:\Program Files\Java
2007-12-04 19:49 --------- d-----w C:\Program Files\Common Files\Java
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-03 15:56 --------- d-----w C:\Program Files\The KMPlayer
2007-11-29 18:27 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-29 18:27 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-23 20:36 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-19 15:00 --------- d-----w C:\Program Files\Alcohol
2007-11-10 17:23 --------- d-----w C:\Program Files\GSpot
2007-11-10 17:22 --------- d-----w C:\Program Files\XviD
2007-11-10 17:22 --------- d-----w C:\Program Files\DivX
2007-11-10 17:21 --------- d-----w C:\Program Files\XVid;-)
2007-11-10 17:20 --------- d-----w C:\Program Files\DivXCodec
2007-11-10 17:20 --------- d-----w C:\Program Files\AC3Filter
2007-10-29 20:06 675,328 ----a-w C:\WINDOWS\is-EVESJ.exe
2007-10-05 16:43 24,192 ----a-w C:\Documents and Settings\Vlastik\usbsermptxp.sys
2007-10-05 16:43 22,768 ----a-w C:\Documents and Settings\Vlastik\usbsermpt.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"grim ace"="C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1\SaveNoun.exe" [2008-01-10 13:47 404480]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]
"BitComet"="C:\Program Files\BitLord\BitLord.exe" [2005-05-07 01:47 2224128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\System32\NeroCheck.exe" [2001-07-09 09:50 155648]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd.exe" [2003-08-04 16:28 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 07:38 241664]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 23:47 31016]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-10-04 17:14 8491008]
"nwiz"="nwiz.exe" [2007-10-04 17:14 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-10-04 17:14 81920]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 15:28 577536 C:\WINDOWS\soundman.exe]
"CHotkey"="mHotkey.exe" [2006-12-08 17:01 547840 C:\WINDOWS\mHotkey.exe]
"User Enc Proc Curb"="C:\Documents and Settings\All Users\Data aplikací\bias grim user enc\option site.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R1 oreans32;oreans32;C:\WINDOWS\system32\drivers\oreans32.sys [2007-10-29 21:32]
R2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Kerio Personal Firewall\kpf4ss.exe" [2007-04-26 09:21]
R3 axsaki;axsaki;C:\WINDOWS\system32\DRIVERS\axsaki.sys [2003-03-30 21:38]
R3 axskbus;axskbus;C:\WINDOWS\system32\DRIVERS\axskbus.sys [2003-03-28 11:58]
R3 NtApm;Ovladač rozhraní služby NT Apm/Legacy;C:\WINDOWS\system32\DRIVERS\NtApm.sys [2001-10-24 12:44]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-03 22:04]
S3 GVCplDrv;GVCplDrv;C:\WINDOWS\system32\drivers\GVCplDrv.sys [2003-09-30 06:25]
S3 msloop;Microsoft Loopback Adapter Driver;C:\WINDOWS\system32\DRIVERS\loop.sys [2001-08-17 21:53]
S3 NTProcDrv;Process creation detector for NT.;C:\Documents and Settings\Vlastik\Plocha\NtProcDrv.sys []

.
Contents of the 'Scheduled Tasks' folder
"2008-01-10 13:00:00 C:\WINDOWS\Tasks\A85D5C4C918AD2DC.job"
- c:\docume~1\vlastik\dataap~1\glueme~1\Browsewaveping.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 14:04:05
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-01-10 14:06:27 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 13:06:20

[15548] Internetove Stranky (*VYŘEŠENO*)

Dne 10 Leden, 2008 Vlastik komentuje:

Muzu se zeptat: Co mi to vlastne provedlo s pc? Dneska mi to po skenovani uz neukazuje ty otravne stranky, ale uvidime zitra. :???: P.S. Vytvorilo mi to na plose ikonu - IE. Ten stahnuty ComboFix pri skenovani napsal, ze veci ktere se tam vytvorili, tak je prej nemam menit ani mazat a kdyz jsem dal delete, tak se tam objevilo: Kdyz odstranite Combo Fix nebudete ho uz moci spoustet ani upravovat a u IE mi to napsalo: Jestli ji chci opravdu odstranit. No zni to tak vazne. No nejsem si jisty jestli to odstranit, abych tim neco nezkazil.

[15549] Internetove Stranky (*VYŘEŠENO*)

Dne 10 Leden, 2008 Diallix komentuje:

Zmazalo smejda.

Do poznamkoveho bloku skopiruj toto dole:

Quote:

FILE::
C:\WINDOWS\system32\system32.lnk
C:\WINDOWS\is-EVESJ.exe
C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1\SaveNoun.exe
C:\Documents and Settings\All Users\Data aplikací\bias grim user enc\option site.exe
c:\docume~1\vlastik\dataap~1\glueme~1\Browsewaveping.exe
C:\WINDOWS\Tasks\A85D5C4C918AD2DC.job

Folders::
C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1
C:\Documents and Settings\All Users\Data aplikací\bias grim user enc

Dirlook:
C:\Program Files\Glue mess peak
C:\Program Files\VLC
C:\Program Files\KYE
C:\Documents and Settings\Vlastik\Contacts

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "grim ace"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "User Enc Proc Curb"=-

Poznamkovy blog uloz na plochu ako CFScript.txt , presun s mysou nad combofix a pust ako obrazok dole.Combo sa spusti a nacita zo scriptu.Na konci procesu vybehne log, a ten skopiruj sem.

Tieto subory uploadni na virustotal.com a daj sem vysledky z neho.
C:\WINDOWS\system32\mlfcache.dat
C:\WINDOWS\WMSysPr8.prx

A prosim ta, uz nezakladaj temy a ries to v jednej a to mozes aj tu.

[15550] Internetove Stranky (*VYŘEŠENO*)

Dne 10 Leden, 2008 Vlastik komentuje:

ComboFix 08-01-09.2 - Vlastik 2008-01-10 22:34:15.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.108 [GMT 1:00]
Running from: C:\Documents and Settings\Vlastik\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Vlastik\Plocha\CFScript.txt
* Created a new restore point

FILE
c:\docume~1\vlastik\dataap~1\glueme~1\Browsewaveping.exe
C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1\SaveNoun.exe
C:\Documents and Settings\All Users\Data aplikací\bias grim user enc\option site.exe
C:\WINDOWS\is-EVESJ.exe
C:\WINDOWS\system32\system32.lnk
C:\WINDOWS\Tasks\A85D5C4C918AD2DC.job
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\vlastik\dataap~1\glueme~1\Browsewaveping.exe
C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1\SaveNoun.exe
C:\Documents and Settings\All Users\Data aplikací\bias grim user enc\option site.exe
C:\WINDOWS\is-EVESJ.exe
C:\WINDOWS\system32\system32.lnk
C:\WINDOWS\Tasks\A85D5C4C918AD2DC.job

.
((((((((((((((((((((((((( Files Created from 2007-12-10 to 2008-01-10 )))))))))))))))))))))))))))))))
.

2008-01-10 13:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 13:47 . 2008-01-10 13:47 <DIR> d-------- C:\Program Files\Glue mess peak
2008-01-10 08:00 . 2008-01-10 08:03 <DIR> d-------- C:\Program Files\BitLord
2008-01-04 14:52 . 2008-01-04 15:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-03 21:14 . 2008-01-03 21:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-03 19:20 . 2008-01-03 19:20 311 --a------ C:\WINDOWS\SWFConverter.INI
2008-01-02 16:46 . 2008-01-02 16:46 <DIR> d-------- C:\Program Files\VLC
2007-12-31 14:26 . 2007-12-31 14:26 54,948 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-30 21:25 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-12-30 21:25 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-12-30 21:25 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-12-30 21:25 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2007-12-30 21:25 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-12-30 21:25 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-12-30 21:19 . 2007-12-30 21:19 <DIR> d-------- C:\Documents and Settings\Vlastik\Incomplete
2007-12-30 18:14 . 2007-12-31 12:21 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 20:53 . 2007-12-27 21:05 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-27 10:37 . 2007-12-27 10:37 <DIR> d-------- C:\Program Files\Google
2007-12-25 13:50 . 2007-12-25 13:57 <DIR> d-------- C:\Documents and Settings\Vlastik\Contacts
2007-12-25 13:49 . 2007-12-25 13:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 13:48 . 2007-12-30 18:14 <DIR> d-------- C:\Program Files\Windows Live
2007-12-23 16:24 . 2007-10-05 15:33 <DIR> d--h----- C:\Documents and Settings\Administrator\ćablony
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ tisk rny
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolnˇ sˇś
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Oblˇben‚ polo§ky
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> dr------- C:\Documents and Settings\Administrator\Nabˇdka Start
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikacˇ
2007-12-16 20:15 . 2007-12-28 19:57 247 --a------ C:\WINDOWS\wcx_ftp.ini
2007-12-16 20:00 . 2007-12-16 20:00 <DIR> d-------- C:\Program Files\Common Files\Vbox
2007-12-16 05:54 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2007-12-16 05:54 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 14:20 --------- d-----w C:\Program Files\L2Informer
2008-01-10 12:28 589 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-03 20:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-27 20:23 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-25 17:00 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-24 18:44 --------- d-----w C:\Program Files\JetAudio
2007-12-24 18:31 --------- d-----w C:\Program Files\Common Files\COWON
2007-12-16 14:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-10 06:39 --------- d-----w C:\Program Files\Avast4
2007-12-05 17:59 --------- d-----w C:\Program Files\KYE
2007-12-05 17:49 --------- d-----w C:\Program Files\Realtek AC97
2007-12-04 20:43 --------- d-----w C:\Program Files\LG Ovladač
2007-12-04 19:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-04 19:51 --------- d-----w C:\Program Files\Java
2007-12-04 19:49 --------- d-----w C:\Program Files\Common Files\Java
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-03 15:56 --------- d-----w C:\Program Files\The KMPlayer
2007-11-29 18:27 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-29 18:27 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-23 20:36 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-19 15:00 --------- d-----w C:\Program Files\Alcohol
2007-11-10 17:23 --------- d-----w C:\Program Files\GSpot
2007-11-10 17:22 --------- d-----w C:\Program Files\XviD
2007-11-10 17:22 --------- d-----w C:\Program Files\DivX
2007-11-10 17:21 --------- d-----w C:\Program Files\XVid;-)
2007-11-10 17:20 --------- d-----w C:\Program Files\DivXCodec
2007-11-10 17:20 --------- d-----w C:\Program Files\AC3Filter
2007-10-05 16:43 24,192 ----a-w C:\Documents and Settings\Vlastik\usbsermptxp.sys
2007-10-05 16:43 22,768 ----a-w C:\Documents and Settings\Vlastik\usbsermpt.sys
.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"grim ace"="C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1\SaveNoun.exe" [ ]
"BitComet"="C:\Program Files\BitLord\BitLord.exe" [2005-05-07 01:47 2224128]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 22:41:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-01-10 22:44:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-10 21:44:00
ComboFix.txt 2008-01-10 13:06:28

[15551] Internetove Stranky (*VYŘEŠENO*)

Dne 11 Leden, 2008 Vlastik komentuje:

Výsledky:

Soubor mlfcache.dat přijatý 2008.01.10 22:46:01 (CET)
Současný stav: Dokončeno
Výsledek: 0/32 (0.00%)

Soubor WMSysPr8.prx_ přijatý 2008.01.10 22:52:50 (CET)
Současný stav: Dokončeno
Výsledek: 0/32 (0.00%)

[15552] Internetove Stranky (*VYŘEŠENO*)

Dne 11 Leden, 2008 Diallix komentuje:

Chybycka sa vludila. Chod do nudzoveho rezimu, otvor blok a do neho skopiruj toto:

Quote:

FILE::
C:\WINDOWS\system32\system32.lnk
C:\WINDOWS\is-EVESJ.exe
C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1\SaveNoun.exe
C:\Documents and Settings\All Users\Data aplikací\bias grim user enc\option site.exe
c:\docume~1\vlastik\dataap~1\glueme~1\Browsewaveping.exe
C:\WINDOWS\Tasks\A85D5C4C918AD2DC.job

Folders::
C:\DOCUME~1\Vlastik\DATAAP~1\GLUEME~1
C:\Documents and Settings\All Users\Data aplikací\bias grim user enc

Dirlook::
C:\Program Files\Glue mess peak
C:\Program Files\VLC
C:\Program Files\KYE
C:\Documents and Settings\Vlastik\Contacts

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "grim ace"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "User Enc Proc Curb"=-

Uloz na plochu ako CFScript.txt, combofixom pretiahni ako si robil ten prvy. Potom sem daj novy log.

[15553] Internetove Stranky (*VYŘEŠENO*)

Dne 11 Leden, 2008 Vlastik komentuje:

Nj, ale me se vloudila chybicka v tom nouzovem rezimu. Pri najeti se objevilo tohle:
No a prihlasil jsem se tam pres Administratora to je v poradku, ale nemuzu se pripojit na internet vypada to tam jako kdyby jste preinstalovali Windows - zadne ovladace a na prvni pohled se zda ze ani zadne programy, ale ony tam jsou. Jen ikony na plose chybi a moc tam toho nepodelam kdyz se nepripojim na net. Zkusim si to hodit na Cd a udealm to tak. Zatim se mrknete na ten screen a poradte jak to mam spravne nastavit.

[15554] Internetove Stranky (*VYŘEŠENO*)

Dne 11 Leden, 2008 Diallix komentuje:

Co chces nastavovat? Jasne, ze tam nemas nic, lebo je to nudzovy rezim a obaval by som sa v tedy, keby ta tabulka nenaskocila.Combo skopiruj v normalnom rezime na c:\ a v nudzovom na plochu. To jest vse a tabulku potvrd OK.

[15555] Internetove Stranky (*VYŘEŠENO*)

Dne 11 Leden, 2008 Vlastik komentuje:

ComboFix 08-01-09.2 - Administrator 2008-01-11 15:39:46.3 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Plocha\CFScript.txt

((((((((((((((((((((((((( Files Created from 2007-12-11 to 2008-01-11 )))))))))))))))))))))))))))))))
.

2008-01-11 15:13 . 2001-11-30 19:00 3,538 --a------ C:\WINDOWS\system32\drivers\Winflash.sys
2008-01-11 15:12 . 2008-01-11 15:13 <DIR> d-------- C:\Program Files\BIOS
2008-01-11 15:11 . 2008-01-11 15:11 <DIR> d-------- C:\Program Files\NVIDIA Corporation
2008-01-11 15:11 . 2008-01-11 15:11 <DIR> d-------- C:\Program Files\Common Files\NVIDIA Shared
2008-01-11 15:10 . 2004-06-24 18:57 172,032 --a------ C:\WINDOWS\system32\nvusmb.exe
2008-01-11 15:10 . 2004-01-29 02:22 159,744 --a------ C:\WINDOWS\system32\nvuenet.exe
2008-01-11 15:09 . 2008-01-11 15:09 <DIR> d-------- C:\NVIDIA
2008-01-11 14:46 . 2008-01-11 14:46 <DIR> d-------- C:\Documents and Settings\Administrator\Data aplikací\ACD Systems
2008-01-10 13:54 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-10 13:47 . 2008-01-10 13:47 <DIR> d-------- C:\Program Files\Glue mess peak
2008-01-10 08:00 . 2008-01-10 08:03 <DIR> d-------- C:\Program Files\BitLord
2008-01-09 18:33 . 2008-01-09 18:33 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\Azureus
2008-01-04 14:52 . 2008-01-04 15:01 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-03 21:31 . 2008-01-03 21:31 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\FLEXnet
2008-01-03 21:14 . 2008-01-03 21:14 <DIR> d-------- C:\Program Files\Common Files\Macrovision Shared
2008-01-03 19:20 . 2008-01-03 19:20 311 --a------ C:\WINDOWS\SWFConverter.INI
2008-01-02 16:46 . 2008-01-02 16:46 <DIR> d-------- C:\Program Files\VLC
2007-12-31 14:26 . 2007-12-31 14:26 54,948 --ah----- C:\WINDOWS\system32\mlfcache.dat
2007-12-31 12:45 . 2008-01-10 22:41 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\bias grim user enc
2007-12-30 21:25 . 2001-08-23 17:00 1,700,352 --a------ C:\WINDOWS\system32\gdiplus.dll
2007-12-30 21:25 . 2003-05-22 00:50 261,632 --a------ C:\WINDOWS\system32\mcdvd_32.dll
2007-12-30 21:25 . 2003-05-22 00:50 156,910 --a------ C:\WINDOWS\WMSysPr8.prx
2007-12-30 21:25 . 2003-05-22 00:50 82,944 --a------ C:\WINDOWS\system32\vct3216.acm
2007-12-30 21:25 . 2004-02-04 22:11 81,920 --a------ C:\WINDOWS\system32\AC3ACM.acm
2007-12-30 21:25 . 2000-03-14 21:55 13,239 --a------ C:\WINDOWS\system32\Scg726.acm
2007-12-30 18:14 . 2007-12-31 12:21 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2007-12-27 20:53 . 2007-12-27 21:05 <DIR> d-------- C:\Program Files\Common Files\LightScribe
2007-12-27 10:37 . 2007-12-27 10:37 <DIR> d-------- C:\Program Files\Google
2007-12-25 13:49 . 2007-12-25 13:49 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-12-25 13:49 . 2007-12-25 13:49 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\WindowsLiveInstaller
2007-12-25 13:48 . 2007-12-30 18:14 <DIR> d-------- C:\Program Files\Windows Live
2007-12-25 13:48 . 2007-12-25 13:48 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\WLInstaller
2007-12-23 16:24 . 2008-01-11 15:39 <DIR> d-------- C:\Documents and Settings\Administrator\Plocha
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní tiskárny
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d--h----- C:\Documents and Settings\Administrator\Okolní síť
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> d-------- C:\Documents and Settings\Administrator\Oblíbené položky
2007-12-23 16:24 . 2007-10-05 15:33 <DIR> d--h----- C:\Documents and Settings\Administrator\Šablony
2007-12-23 16:24 . 2007-10-05 17:25 <DIR> dr------- C:\Documents and Settings\Administrator\Nabídka Start
2007-12-23 16:24 . 2008-01-11 14:46 <DIR> d-------- C:\Documents and Settings\Administrator\Dokumenty
2007-12-23 16:24 . 2008-01-11 15:37 <DIR> dr-h----- C:\Documents and Settings\Administrator\Data aplikací
2007-12-16 20:15 . 2007-12-28 19:57 247 --a------ C:\WINDOWS\wcx_ftp.ini
2007-12-16 20:00 . 2007-12-16 20:00 <DIR> d-------- C:\Program Files\Common Files\Vbox
2007-12-16 15:34 . 2007-12-16 15:34 <DIR> d-------- C:\Documents and Settings\All Users\Data aplikací\InstallShield
2007-12-16 05:54 . 2006-02-04 03:50 5,174 --a------ C:\WINDOWS\system32\nppt9x.vxd
2007-12-16 05:54 . 2006-02-04 03:50 4,682 --a------ C:\WINDOWS\system32\npptNT2.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-11 14:36 919 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-11 14:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-10 14:20 --------- d-----w C:\Program Files\L2Informer
2008-01-03 20:18 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-27 21:16 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2007-12-27 20:23 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
2007-12-27 20:23 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Autodesk
2007-12-24 18:44 --------- d-----w C:\Program Files\JetAudio
2007-12-24 18:31 --------- d-----w C:\Program Files\Common Files\COWON
2007-12-16 14:33 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-10 06:39 --------- d-----w C:\Program Files\Avast4
2007-12-05 17:59 --------- d-----w C:\Program Files\KYE
2007-12-05 17:49 --------- d-----w C:\Program Files\Realtek AC97
2007-12-04 20:43 --------- d-----w C:\Program Files\LG Ovladač
2007-12-04 19:51 --------- d-----w C:\Program Files\SystemRequirementsLab
2007-12-04 19:51 --------- d-----w C:\Program Files\Java
2007-12-04 19:49 --------- d-----w C:\Program Files\Common Files\Java
2007-12-04 17:14 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\PC Drivers HeadQuarters
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-12-03 15:56 --------- d-----w C:\Program Files\The KMPlayer
2007-11-29 18:27 73,216 ----a-w C:\WINDOWS\ST6UNST.EXE
2007-11-29 18:27 249,856 ------w C:\WINDOWS\Setup1.exe
2007-11-23 20:36 --------- d-----w C:\Program Files\Common Files\DirectX
2007-11-23 20:31 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\WinZip
2007-11-19 15:00 --------- d-----w C:\Program Files\Alcohol
2007-11-17 10:01 --------- d-----w C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2007-11-10 17:23 36,734 ----a-w C:\WINDOWS\system32\OggDSuninst.exe
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of C:\Documents and Settings\Vlastik\Contacts ----

C:\Documents and Settings\Vlastik\Contacts\

---- Directory of C:\Program Files\Glue mess peak ----

---- Directory of C:\Program Files\KYE ----

2005-02-25 16:54 351942 --a------ C:\Program Files\KYE\Multimedia keyboard driver\readme.pdf

---- Directory of C:\Program Files\VLC ----

2008-01-02 16:46 31840 --a------ C:\Program Files\VLC\unins000.dat
2007-04-07 21:06 468 --a------ C:\Program Files\VLC\NAVOD.txt
2007-04-07 10:58 54 --a------ C:\Program Files\VLC\Documentation.url
2007-04-07 10:58 49 --a------ C:\Program Files\VLC\VideoLAN Website.url
2007-04-07 10:58 23932 --a------ C:\Program Files\VLC\uninstall.log
2007-04-07 10:58 176479 --a------ C:\Program Files\VLC\uninstall.exe
2007-01-04 14:01 9816 --a------ C:\Program Files\VLC\http\dialogs\vlm
2007-01-04 14:01 973 --a------ C:\Program Files\VLC\http\old\cone_plus.png
2007-01-04 14:01 9728 --a------ C:\Program Files\VLC\plugins\libtta_plugin.dll
2007-01-04 14:01 9728 --a------ C:\Program Files\VLC\plugins\libnormvol_plugin.dll
2007-01-04 14:01 9728 --a------ C:\Program Files\VLC\plugins\libmsn_plugin.dll
2007-01-04 14:01 9728 --a------ C:\Program Files\VLC\plugins\liblinear_resampler_plugin.dll
2007-01-04 14:01 9728 --a------ C:\Program Files\VLC\plugins\libinvert_plugin.dll
2007-01-04 14:01 9728 --a------ C:\Program Files\VLC\plugins\libgestures_plugin.dll
2007-01-04 14:01 9728 --a------ C:\Program Files\VLC\plugins\libaccess_output_file_plugin.dll
2007-01-04 14:01 9713 --a------ C:\Program Files\VLC\http\dialogs\input
2007-01-04 14:01 934912 --a------ C:\Program Files\VLC\plugins\libmkv_plugin.dll
2007-01-04 14:01 93184 --a------ C:\Program Files\VLC\vlc.exe
2007-01-04 14:01 924 --a------ C:\Program Files\VLC\http\old\cone_minus.png
2007-01-04 14:01 92160 --a------ C:\Program Files\VLC\plugins\libmpgatofixed32_plugin.dll
2007-01-04 14:01 9216 --a------ C:\Program Files\VLC\plugins\libshout_plugin.dll
2007-01-04 14:01 9216 --a------ C:\Program Files\VLC\plugins\libmux_wav_plugin.dll
2007-01-04 14:01 9216 --a------ C:\Program Files\VLC\plugins\libi420_yuy2_plugin.dll
2007-01-04 14:01 9216 --a------ C:\Program Files\VLC\plugins\libh264_plugin.dll
2007-01-04 14:01 9216 --a------ C:\Program Files\VLC\plugins\libflac_plugin.dll
2007-01-04 14:01 9216 --a------ C:\Program Files\VLC\plugins\libdtssys_plugin.dll
2007-01-04 14:01 9216 --a------ C:\Program Files\VLC\plugins\libaccess_fake_plugin.dll
2007-01-04 14:01 90152 --a------ C:\Program Files\VLC\locale\da\LC_MESSAGES\vlc.mo
2007-01-04 14:01 8887 --a------ C:\Program Files\VLC\skins\skin.dtd
2007-01-04 14:01 8717 --a------ C:\Program Files\VLC\locale\nn\LC_MESSAGES\vlc.mo
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\libstream_out_gather_plugin.dll
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\libshowintf_plugin.dll
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\librawvideo_plugin.dll
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\libpodcast_plugin.dll
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\libpacketizer_copy_plugin.dll
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\libmux_mpjpeg_plugin.dll
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\liblpcm_plugin.dll
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\libfloat32tou16_plugin.dll
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\libau_plugin.dll
2007-01-04 14:01 8704 --a------ C:\Program Files\VLC\plugins\liba52sys_plugin.dll
2007-01-04 14:01 86358 --a------ C:\Program Files\VLC\http\favicon.ico
2007-01-04 14:01 84992 --a------ C:\Program Files\VLC\plugins\libhttp_plugin.dll
2007-01-04 14:01 83565 --a------ C:\Program Files\VLC\locale\ja\LC_MESSAGES\vlc.mo
2007-01-04 14:01 82604 --a------ C:\Program Files\VLC\locale\ka\LC_MESSAGES\vlc.mo
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libxa_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libtrivial_channel_mixer_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libstream_out_display_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libmpgv_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libm4v_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libm4a_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libi422_yuy2_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libfloat32tou8_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libfloat32tos8_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libfloat32_mixer_plugin.dll
2007-01-04 14:01 8192 --a------ C:\Program Files\VLC\plugins\libdemuxdump_plugin.dll
2007-01-04 14:01 80896 --a------ C:\Program Files\VLC\plugins\libts_plugin.dll
2007-01-04 14:01 7988 --a------ C:\Program Files\VLC\AUTHORS.txt
2007-01-04 14:01 78724 --a------ C:\Program Files\VLC\locale\pt_BR\LC_MESSAGES\vlc.mo
2007-01-04 14:01 77356 --a------ C:\Program Files\VLC\locale\he\LC_MESSAGES\vlc.mo
2007-01-04 14:01 7680 --a------ C:\Program Files\VLC\plugins\libstream_out_description_plugin.dll
2007-01-04 14:01 7680 --a------ C:\Program Files\VLC\plugins\libsimple_channel_mixer_plugin.dll
2007-01-04 14:01 7680 --a------ C:\Program Files\VLC\plugins\libs16tofloat32swab_plugin.dll
2007-01-04 14:01 7680 --a------ C:\Program Files\VLC\plugins\libs16tofloat32_plugin.dll
2007-01-04 14:01 7680 --a------ C:\Program Files\VLC\plugins\libmux_dummy_plugin.dll
2007-01-04 14:01 7680 --a------ C:\Program Files\VLC\plugins\libfixed32tofloat32_plugin.dll
2007-01-04 14:01 7680 --a------ C:\Program Files\VLC\plugins\libdtstospdif_plugin.dll
2007-01-04 14:01 7680 --a------ C:\Program Files\VLC\plugins\libaccess_tcp_plugin.dll
2007-01-04 14:01 762 --a------ C:\Program Files\VLC\http\old\admin\dboxfiles.html
2007-01-04 14:01 75776 --a------ C:\Program Files\VLC\plugins\libportaudio_plugin.dll
2007-01-04 14:01 734 --a------ C:\Program Files\VLC\locale\af\LC_MESSAGES\vlc.mo
2007-01-04 14:01 72566 --a------ C:\Program Files\VLC\locale\cs\LC_MESSAGES\vlc.mo
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\libugly_resampler_plugin.dll
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\libu8tofloat32_plugin.dll
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\libu8tofixed32_plugin.dll
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\libtrivial_mixer_plugin.dll
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\libscale_plugin.dll
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\libs8tofloat32_plugin.dll
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\libs16tofixed32_plugin.dll
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\librv32_plugin.dll
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\libfloat32tos16_plugin.dll
2007-01-04 14:01 7168 --a------ C:\Program Files\VLC\plugins\libfixed32tos16_plugin.dll
2007-01-04 14:01 7134 --a------ C:\Program Files\VLC\http\requests\status.xml
2007-01-04 14:01 6656 --a------ C:\Program Files\VLC\plugins\libtrivial_resampler_plugin.dll
2007-01-04 14:01 6656 --a------ C:\Program Files\VLC\plugins\libspdif_mixer_plugin.dll
2007-01-04 14:01 6656 --a------ C:\Program Files\VLC\plugins\libmemcpy_plugin.dll
2007-01-04 14:01 6656 --a------ C:\Program Files\VLC\plugins\libaccess_output_dummy_plugin.dll
2007-01-04 14:01 6656 --a------ C:\Program Files\VLC\plugins\liba52tospdif_plugin.dll
2007-01-04 14:01 650240 --a------ C:\Program Files\VLC\axvlc.dll
2007-01-04 14:01 64884 --a------ C:\Program Files\VLC\locale\ro\LC_MESSAGES\vlc.mo
2007-01-04 14:01 64228 --a------ C:\Program Files\VLC\skins\fonts\FreeSansBold.ttf
2007-01-04 14:01 6305 --a------ C:\Program Files\VLC\http\dialogs\mosaic
2007-01-04 14:01 630 --a------ C:\Program Files\VLC\locale\co\LC_MESSAGES\vlc.mo
2007-01-04 14:01 630 --a------ C:\Program Files\VLC\http\old\info.html
2007-01-04 14:01 6208 --a------ C:\Program Files\VLC\http\dialogs\main
2007-01-04 14:01 61952 --a------ C:\Program Files\VLC\plugins\libmux_ps_plugin.dll
2007-01-04 14:01 618 --a------ C:\Program Files\VLC\http\images\vlc16x16.png
2007-01-04 14:01 6144 --a------ C:\Program Files\VLC\plugins\libi420_ymga_plugin.dll
2007-01-04 14:01 60651 --a------ C:\Program Files\VLC\locale\tr\LC_MESSAGES\vlc.mo
2007-01-04 14:01 606 --a------ C:\Program Files\VLC\vlc.exe.manifest
2007-01-04 14:01 601343 --a------ C:\Program Files\VLC\locale\ne\LC_MESSAGES\vlc.mo
2007-01-04 14:01 5977 --a------ C:\Program Files\VLC\http\old\vlm\index.html
2007-01-04 14:01 58880 --a------ C:\Program Files\VLC\plugins\libmpc_plugin.dll
2007-01-04 14:01 5869 --a------ C:\Program Files\VLC\http\dialogs\playlist
2007-01-04 14:01 57856 --a------ C:\Program Files\VLC\plugins\libavi_plugin.dll
2007-01-04 14:01 5638 --a------ C:\Program Files\VLC\locale\hi\LC_MESSAGES\vlc.mo
2007-01-04 14:01 5632 --a------ C:\Program Files\VLC\plugins\libstream_out_dummy_plugin.dll
2007-01-04 14:01 54784 --a------ C:\Program Files\VLC\plugins\libmux_mp4_plugin.dll
2007-01-04 14:01 5360 --a------ C:\Program Files\VLC\locale\nb\LC_MESSAGES\vlc.mo
2007-01-04 14:01 52736 --a------ C:\Program Files\VLC\plugins\libsap_plugin.dll
2007-01-04 14:01 51712 --a------ C:\Program Files\VLC\plugins\libstream_out_transcode_plugin.dll
2007-01-04 14:01 510976 --a------ C:\Program Files\VLC\plugins\libx264_plugin.dll
2007-01-04 14:01 50688 --a------ C:\Program Files\VLC\plugins\libasf_plugin.dll
2007-01-04 14:01 50148 --a------ C:\Program Files\VLC\locale\zh_TW\LC_MESSAGES\vlc.mo
2007-01-04 14:01 4916 --a------ C:\Program Files\VLC\http\style.css
2007-01-04 14:01 489472 --a------ C:\Program Files\VLC\plugins\libfreetype_plugin.dll
2007-01-04 14:01 48408 --a------ C:\Program Files\VLC\locale\ko\LC_MESSAGES\vlc.mo
2007-01-04 14:01 47616 --a------ C:\Program Files\VLC\plugins\libstream_out_rtp_plugin.dll
2007-01-04 14:01 47616 --a------ C:\Program Files\VLC\plugins\librc_plugin.dll
2007-01-04 14:01 469504 --a------ C:\Program Files\VLC\plugins\libaccess_output_shout_plugin.dll
2007-01-04 14:01 45568 --a------ C:\Program Files\VLC\plugins\libplaylist_plugin.dll
2007-01-04 14:01 45056 --a------ C:\Program Files\VLC\plugins\libaccess_realrtsp_plugin.dll
2007-01-04 14:01 4505 --a------ C:\Program Files\VLC\http\requests\vlm.xml
2007-01-04 14:01 450386 --a------ C:\Program Files\VLC\locale\ru\LC_MESSAGES\vlc.mo
2007-01-04 14:01 446 --a------ C:\Program Files\VLC\http\images\speaker_mute.png
2007-01-04 14:01 44544 --a------ C:\Program Files\VLC\plugins\libaccess_mms_plugin.dll
2007-01-04 14:01 4432 --a------ C:\Program Files\VLC\http\old\admin\index.html
2007-01-04 14:01 43681 --a------ C:\Program Files\VLC\NEWS.txt
2007-01-04 14:01 41472 --a------ C:\Program Files\VLC\plugins\libvout_directx_plugin.dll
2007-01-04 14:01 4123648 --a------ C:\Program Files\VLC\plugins\libffmpeg_plugin.dll
2007-01-04 14:01 411826 --a------ C:\Program Files\VLC\locale\sk\LC_MESSAGES\vlc.mo
2007-01-04 14:01 40960 --a------ C:\Program Files\VLC\plugins\liba52tofloat32_plugin.dll
2007-01-04 14:01 37888 --a------ C:\Program Files\VLC\plugins\libogg_plugin.dll
2007-01-04 14:01 37476 --a------ C:\Program Files\VLC\http\js\functions.js
2007-01-04 14:01 371604 --a------ C:\Program Files\VLC\locale\ms\LC_MESSAGES\vlc.mo
2007-01-04 14:01 370118 --a------ C:\Program Files\VLC\locale\de\LC_MESSAGES\vlc.mo
2007-01-04 14:01 36864 --a------ C:\Program Files\VLC\plugins\libaudio_format_plugin.dll
2007-01-04 14:01 36553 --a------ C:\Program Files\VLC\locale\eu\LC_MESSAGES\vlc.mo
2007-01-04 14:01 364861 --a------ C:\Program Files\VLC\locale\sl\LC_MESSAGES\vlc.mo
2007-01-04 14:01 363764 --a------ C:\Program Files\VLC\locale\fr\LC_MESSAGES\vlc.mo
2007-01-04 14:01 36064 --a------ C:\Program Files\VLC\locale\en_GB\LC_MESSAGES\vlc.mo
2007-01-04 14:01 34304 --a------ C:\Program Files\VLC\plugins\libdeinterlace_plugin.dll
2007-01-04 14:01 3401 --a------ C:\Program Files\VLC\http\old\vlm\edit.html
2007-01-04 14:01 3352 --a------ C:\Program Files\VLC\http\old\vlm\show.html
2007-01-04 14:01 32768 --a------ C:\Program Files\VLC\plugins\libmosaic_plugin.dll
2007-01-04 14:01 31843 --a------ C:\Program Files\VLC\skins\winamp2.xml
2007-01-04 14:01 31462 --a------ C:\Program Files\VLC\locale\oc\LC_MESSAGES\vlc.mo
2007-01-04 14:01 31350 --a------ C:\Program Files\VLC\http\js\vlm.js
2007-01-04 14:01 31232 --a------ C:\Program Files\VLC\plugins\libdirect3d_plugin.dll
2007-01-04 14:01 301 --a------ C:\Program Files\VLC\http\vlm_export.html
2007-01-04 14:01 297472 --a------ C:\Program Files\VLC\plugins\libsdl_image_plugin.dll
2007-01-04 14:01 29696 --a------ C:\Program Files\VLC\plugins\libmux_asf_plugin.dll
2007-01-04 14:01 293490 --a------ C:\Program Files\VLC\locale\hu\LC_MESSAGES\vlc.mo
2007-01-04 14:01 2925 --a------ C:\Program Files\VLC\http\requests\playlist.xml
2007-01-04 14:01 291840 --a------ C:\Program Files\VLC\plugins\libfaad_plugin.dll
2007-01-04 14:01 290088 --a------ C:\Program Files\VLC\locale\gl\LC_MESSAGES\vlc.mo
2007-01-04 14:01 28672 --a------ C:\Program Files\VLC\plugins\libvod_rtsp_plugin.dll
2007-01-04 14:01 28672 --a------ C:\Program Files\VLC\plugins\libvisual_plugin.dll
2007-01-04 14:01 28672 --a------ C:\Program Files\VLC\plugins\libi420_rgb_plugin.dll
2007-01-04 14:01 2781696 --a------ C:\Program Files\VLC\plugins\libwxwidgets_plugin.dll
2007-01-04 14:01 277 --a------ C:\Program Files\VLC\http\images\refresh.png
2007-01-04 14:01 2763 --a------ C:\Program Files\VLC\MAINTAINERS.txt
2007-01-04 14:01 27428 --a------ C:\Program Files\VLC\locale\fur\LC_MESSAGES\vlc.mo
2007-01-04 14:01 27136 --a------ C:\Program Files\VLC\plugins\libps_plugin.dll
2007-01-04 14:01 27136 --a------ C:\Program Files\VLC\plugins\libaccess_http_plugin.dll
2007-01-04 14:01 2696704 --a------ C:\Program Files\VLC\libvlc.dll
2007-01-04 14:01 269 --a------ C:\Program Files\VLC\http\images\speaker.png
2007-01-04 14:01 2680 --a------ C:\Program Files\VLC\http\old\vlm\new.html
2007-01-04 14:01 266866 --a------ C:\Program Files\VLC\locale\es\LC_MESSAGES\vlc.mo
2007-01-04 14:01 256627 --a------ C:\Program Files\VLC\skins\fonts\FreeSans.ttf
2007-01-04 14:01 256000 --a------ C:\Program Files\VLC\plugins\libmod_plugin.dll
2007-01-04 14:01 25600 --a------ C:\Program Files\VLC\plugins\libmux_ogg_plugin.dll
2007-01-04 14:01 25600 --a------ C:\Program Files\VLC\plugins\libcmml_plugin.dll
2007-01-04 14:01 2523 --a------ C:\Program Files\VLC\http\index.html
2007-01-04 14:01 2520 --a------ C:\Program Files\VLC\http\old\admin\browse.html
2007-01-04 14:01 2510 --a------ C:\Program Files\VLC\locale\pa\LC_MESSAGES\vlc.mo
2007-01-04 14:01 2480 --a------ C:\Program Files\VLC\http\requests\readme.txt
2007-01-04 14:01 24576 --a------ C:\Program Files\VLC\plugins\libdistort_plugin.dll
2007-01-04 14:01 24576 --a------ C:\Program Files\VLC\plugins\libcdda_plugin.dll
2007-01-04 14:01 237 --a------ C:\Program Files\VLC\http\images\slider_point.png
2007-01-04 14:01 23552 --a------ C:\Program Files\VLC\plugins\libdmo_plugin.dll
2007-01-04 14:01 2355 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_02.png
2007-01-04 14:01 2355 --a------ C:\Program Files\VLC\http\mosaic.html
2007-01-04 14:01 2354 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_08.png
2007-01-04 14:01 2353 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_03.png
2007-01-04 14:01 2341 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_07.png
2007-01-04 14:01 2330 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_06.png
2007-01-04 14:01 2330 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_04.png
2007-01-04 14:01 2329 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_05.png
2007-01-04 14:01 23040 --a------ C:\Program Files\VLC\plugins\libvcd_plugin.dll
2007-01-04 14:01 23040 --a------ C:\Program Files\VLC\plugins\libglwin32_plugin.dll
2007-01-04 14:01 23040 --a------ C:\Program Files\VLC\plugins\libbandlimited_resampler_plugin.dll
2007-01-04 14:01 229 --a------ C:\Program Files\VLC\http\images\info.png
2007-01-04 14:01 2275 --a------ C:\Program Files\VLC\locale\ar\LC_MESSAGES\vlc.mo
2007-01-04 14:01 225 --a------ C:\Program Files\VLC\http\images\volume_up.png
2007-01-04 14:01 2245 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_09.png
2007-01-04 14:01 2228 --a------ C:\Program Files\VLC\osdmenu\dvd\volume\volume03.png
2007-01-04 14:01 2226 --a------ C:\Program Files\VLC\osdmenu\dvd\volume\volume02.png
2007-01-04 14:01 2206 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_01.png
2007-01-04 14:01 22016 --a------ C:\Program Files\VLC\plugins\libreal_plugin.dll
2007-01-04 14:01 22016 --a------ C:\Program Files\VLC\plugins\libmux_avi_plugin.dll
2007-01-04 14:01 21504 --a------ C:\Program Files\VLC\plugins\libpacketizer_h264_plugin.dll
2007-01-04 14:01 21504 --a------ C:\Program Files\VLC\plugins\libcaca_plugin.dll
2007-01-04 14:01 21504 --a------ C:\Program Files\VLC\plugins\libaraw_plugin.dll
2007-01-04 14:01 2137 --a------ C:\Program Files\VLC\osdmenu\dvd\volume\volume04.png
2007-01-04 14:01 2134 --a------ C:\Program Files\VLC\osdmenu\dvd\volume\volume01.png
2007-01-04 14:01 209 --a------ C:\Program Files\VLC\http\images\volume_down.png
2007-01-04 14:01 208384 --a------ C:\Program Files\VLC\plugins\libgoom_plugin.dll
2007-01-04 14:01 208 --a------ C:\Program Files\VLC\http\images\plus.png
2007-01-04 14:01 205312 --a------ C:\Program Files\VLC\plugins\libdvdnav_plugin.dll
2007-01-04 14:01 20480 --a------ C:\Program Files\VLC\plugins\libsubtitle_plugin.dll
2007-01-04 14:01 20480 --a------ C:\Program Files\VLC\plugins\liblogo_plugin.dll
2007-01-04 14:01 20480 --a------ C:\Program Files\VLC\plugins\libhotkeys_plugin.dll
2007-01-04 14:01 2040 --a------ C:\Program Files\VLC\http\vlm.html
2007-01-04 14:01 204 --a------ C:\Program Files\VLC\http\images\slider_right.png
2007-01-04 14:01 204 --a------ C:\Program Files\VLC\http\images\minus.png
2007-01-04 14:01 203 --a------ C:\Program Files\VLC\http\images\slider_left.png
2007-01-04 14:01 203 --a------ C:\Program Files\VLC\http\images\help.png
2007-01-04 14:01 2007 --a------ C:\Program Files\VLC\http\dialogs\browse
2007-01-04 14:01 19968 --a------ C:\Program Files\VLC\plugins\librss_plugin.dll
2007-01-04 14:01 198 --a------ C:\Program Files\VLC\http\images\delete.png
2007-01-04 14:01 194560 --a------ C:\Program Files\VLC\plugins\libtheora_plugin.dll
2007-01-04 14:01 1945 --a------ C:\Program Files\VLC\http\requests\browse.xml
2007-01-04 14:01 194 --a------ C:\Program Files\VLC\http\images\sd.png
2007-01-04 14:01 194 --a------ C:\Program Files\VLC\http\images\fullscreen.png
2007-01-04 14:01 193089 --a------ C:\Program Files\VLC\locale\zh_CN\LC_MESSAGES\vlc.mo
2007-01-04 14:01 192749 --a------ C:\Program Files\VLC\locale\it\LC_MESSAGES\vlc.mo
2007-01-04 14:01 190 --a------ C:\Program Files\VLC\http\images\slider_bar.png
2007-01-04 14:01 18944 --a------ C:\Program Files\VLC\plugins\libblend_plugin.dll
2007-01-04 14:01 188146 --a------ C:\Program Files\VLC\locale\sv\LC_MESSAGES\vlc.mo
2007-01-04 14:01 18432 --a------ C:\Program Files\VLC\plugins\libmagnify_plugin.dll
2007-01-04 14:01 18432 --a------ C:\Program Files\VLC\plugins\libequalizer_plugin.dll
2007-01-04 14:01 18432 --a------ C:\Program Files\VLC\plugins\libaout_directx_plugin.dll
2007-01-04 14:01 18332 --a------ C:\Program Files\VLC\COPYING.txt
2007-01-04 14:01 1830400 --a------ C:\Program Files\VLC\plugins\libgnutls_plugin.dll
2007-01-04 14:01 182 --a------ C:\Program Files\VLC\http\images\sort.png
2007-01-04 14:01 1818624 --a------ C:\Program Files\VLC\plugins\libskins2_plugin.dll
2007-01-04 14:01 180 --a------ C:\Program Files\VLC\http\images\shuffle.png
2007-01-04 14:01 17920 --a------ C:\Program Files\VLC\plugins\libadjust_plugin.dll
2007-01-04 14:01 179 --a------ C:\Program Files\VLC\http\images\repeat.png
2007-01-04 14:01 178 --a------ C:\Program Files\VLC\http\images\play.png
2007-01-04 14:01 178 --a------ C:\Program Files\VLC\http\images\empty.png
2007-01-04 14:01 175104 --a------ C:\Program Files\VLC\plugins\libpng_plugin.dll
2007-01-04 14:01 17408 --a------ C:\Program Files\VLC\plugins\libwingdi_plugin.dll
2007-01-04 14:01 17408 --a------ C:\Program Files\VLC\plugins\libty_plugin.dll
2007-01-04 14:01 17408 --a------ C:\Program Files\VLC\plugins\libsubsdec_plugin.dll
2007-01-04 14:01 1737 --a------ C:\Program Files\VLC\osdmenu\dvd.cfg
2007-01-04 14:01 173 --a------ C:\Program Files\VLC\http\images\loop.png
2007-01-04 14:01 172 --a------ C:\Program Files\VLC\http\images\sout.png
2007-01-04 14:01 169 --a------ C:\Program Files\VLC\http\images\white.png
2007-01-04 14:01 16896 --a------ C:\Program Files\VLC\plugins\libadpcm_plugin.dll
2007-01-04 14:01 167 --a------ C:\Program Files\VLC\skins\skin.catalog
2007-01-04 14:01 165 --a------ C:\Program Files\VLC\http\images\white_cross_small.png
2007-01-04 14:01 165 --a------ C:\Program Files\VLC\http\images\delete_small.png
2007-01-04 14:01 16384 --a------ C:\Program Files\VLC\plugins\libwaveout_plugin.dll
2007-01-04 14:01 16384 --a------ C:\Program Files\VLC\plugins\libvobsub_plugin.dll
2007-01-04 14:01 16384 --a------ C:\Program Files\VLC\plugins\libdummy_plugin.dll
2007-01-04 14:01 163 --a------ C:\Program Files\VLC\http\images\slow.png
2007-01-04 14:01 163 --a------ C:\Program Files\VLC\http\images\prev.png
2007-01-04 14:01 162 --a------ C:\Program Files\VLC\http\images\next.png
2007-01-04 14:01 1612 --a------ C:\Program Files\VLC\http\dialogs\footer
2007-01-04 14:01 15872 --a------ C:\Program Files\VLC\plugins\libwall_plugin.dll
2007-01-04 14:01 15872 --a------ C:\Program Files\VLC\plugins\libnuv_plugin.dll
2007-01-04 14:01 1585 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_10.png
2007-01-04 14:01 1551 --a------ C:\Program Files\VLC\locale\lt\LC_MESSAGES\vlc.mo
2007-01-04 14:01 155 --a------ C:\Program Files\VLC\http\images\eject.png
2007-01-04 14:01 15360 --a------ C:\Program Files\VLC\plugins\libpacketizer_mpeg4video_plugin.dll
2007-01-04 14:01 1511 --a------ C:\Program Files\VLC\http\requests\vlm_cmd.xml
2007-01-04 14:01 1496 --a------ C:\Program Files\VLC\osdmenu\dvd\volume\volume05.png
2007-01-04 14:01 149 --a------ C:\Program Files\VLC\http\images\pause.png
2007-01-04 14:01 148992 --a------ C:\Program Files\VLC\plugins\libdtstofloat32_plugin.dll
2007-01-04 14:01 1484 --a------ C:\Program Files\VLC\http\old\webcam.html
2007-01-04 14:01 147 --a------ C:\Program Files\VLC\http\images\playlist.png
2007-01-04 14:01 1462 --a------ C:\Program Files\VLC\osdmenu\default.cfg
2007-01-04 14:01 146 --a------ C:\Program Files\VLC\http\images\stop.png
2007-01-04 14:01 1458 --a------ C:\Program Files\VLC\osdmenu\default\volume\volume_00.png
2007-01-04 14:01 145 --a------ C:\Program Files\VLC\http\images\playlist_small.png
2007-01-04 14:01 14336 --a------ C:\Program Files\VLC\plugins\libopengl_plugin.dll
2007-01-04 14:01 14336 --a------ C:\Program Files\VLC\plugins\libaccess_ftp_plugin.dll
2007-01-04 14:01 1426 --a------ C:\Program Files\VLC\http\iehacks.css
2007-01-04 14:01 14095 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\pause.png
2007-01-04 14:01 140946 --a------ C:\Program Files\VLC\locale\ca\LC_MESSAGES\vlc.mo
2007-01-04 14:01 13992 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\slow.png
2007-01-04 14:01 13932 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\pause.png
2007-01-04 14:01 1391 --a------ C:\Program Files\VLC\osdmenu\dvd\volume\volume00.png
2007-01-04 14:01 13909 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\slow.png
2007-01-04 14:01 13867 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\volume.png
2007-01-04 14:01 13867 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\mute.png
2007-01-04 14:01 13844 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\esc.png
2007-01-04 14:01 138240 --a------ C:\Program Files\VLC\plugins\libmp4_plugin.dll
2007-01-04 14:01 13824 --a------ C:\Program Files\VLC\plugins\libtelnet_plugin.dll
2007-01-04 14:01 13824 --a------ C:\Program Files\VLC\plugins\libstream_out_standard_plugin.dll
2007-01-04 14:01 13824 --a------ C:\Program Files\VLC\plugins\libspudec_plugin.dll
2007-01-04 14:01 13824 --a------ C:\Program Files\VLC\plugins\libaccess_output_udp_plugin.dll
2007-01-04 14:01 13692 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\stop.png
2007-01-04 14:01 13689 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\mute.png
2007-01-04 14:01 13684 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\esc.png
2007-01-04 14:01 13645 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\bw.png
2007-01-04 14:01 13587 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\fw.png
2007-01-04 14:01 13539 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\stop.png
2007-01-04 14:01 13530 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\previous.png
2007-01-04 14:01 1352 --a------ C:\Program Files\VLC\http\old\style.css
2007-01-04 14:01 13500 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\next.png
2007-01-04 14:01 13469 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\bw.png
2007-01-04 14:01 134656 --a------ C:\Program Files\VLC\plugins\libflacdec_plugin.dll
2007-01-04 14:01 134656 --a------ C:\Program Files\VLC\plugins\libdvdread_plugin.dll
2007-01-04 14:01 13443 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\fw.png
2007-01-04 14:01 13365 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\previous.png
2007-01-04 14:01 13318 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\next.png
2007-01-04 14:01 13312 --a------ C:\Program Files\VLC\plugins\libtransform_plugin.dll
2007-01-04 14:01 13312 --a------ C:\Program Files\VLC\plugins\libstream_out_mosaic_bridge_plugin.dll
2007-01-04 14:01 13312 --a------ C:\Program Files\VLC\plugins\libnsv_plugin.dll
2007-01-04 14:01 13312 --a------ C:\Program Files\VLC\plugins\libmotionblur_plugin.dll
2007-01-04 14:01 13312 --a------ C:\Program Files\VLC\plugins\libcinepak_plugin.dll
2007-01-04 14:01 13312 --a------ C:\Program Files\VLC\plugins\libaccess_directory_plugin.dll
2007-01-04 14:01 1284 --a------ C:\Program Files\VLC\locale\sq\LC_MESSAGES\vlc.mo
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\libxtag_plugin.dll
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\libwav_plugin.dll
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\libstream_out_bridge_plugin.dll
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\libpacketizer_mpegvideo_plugin.dll
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\libmpeg_audio_plugin.dll
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\libm3u_plugin.dll
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\liblogger_plugin.dll
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\libdts_plugin.dll
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\libcrop_plugin.dll
2007-01-04 14:01 12800 --a------ C:\Program Files\VLC\plugins\libaccess_udp_plugin.dll
2007-01-04 14:01 12706 --a------ C:\Program Files\VLC\osdmenu\default\selection\esc.png
2007-01-04 14:01 12689 --a------ C:\Program Files\VLC\osdmenu\default\selection\volume.png
2007-01-04 14:01 12688 --a------ C:\Program Files\VLC\osdmenu\dvd\selection\play.png
2007-01-04 14:01 12640 --a------ C:\Program Files\VLC\osdmenu\default\selected\esc.png
2007-01-04 14:01 12620 --a------ C:\Program Files\VLC\osdmenu\default\selected\volume.png
2007-01-04 14:01 12577 --a------ C:\Program Files\VLC\http\dialogs\sout
2007-01-04 14:01 125526 --a------ C:\Program Files\VLC\skins\default.vlt
2007-01-04 14:01 12469 --a------ C:\Program Files\VLC\osdmenu\default\selection\bw.png
2007-01-04 14:01 12452 --a------ C:\Program Files\VLC\osdmenu\default\selection\fw.png
2007-01-04 14:01 12446 --a------ C:\Program Files\VLC\osdmenu\default\selection\stop.png
2007-01-04 14:01 12401 --a------ C:\Program Files\VLC\osdmenu\default\selected\bw.png
2007-01-04 14:01 12354 --a------ C:\Program Files\VLC\osdmenu\default\selected\fw.png
2007-01-04 14:01 12347 --a------ C:\Program Files\VLC\osdmenu\default\selection\previous.png
2007-01-04 14:01 12341 --a------ C:\Program Files\VLC\osdmenu\default\selected\stop.png
2007-01-04 14:01 12312 --a------ C:\Program Files\VLC\osdmenu\default\selection\next.png
2007-01-04 14:01 12304 --a------ C:\Program Files\VLC\osdmenu\dvd\selected\play.png
2007-01-04 14:01 12292 --a------ C:\Program Files\VLC\osdmenu\default\selected\previous.png
2007-01-04 14:01 12288 --a------ C:\Program Files\VLC\plugins\libpva_plugin.dll
2007-01-04 14:01 12288 --a------ C:\Program Files\VLC\plugins\libmotiondetect_plugin.dll
2007-01-04 14:01 12288 --a------ C:\Program Files\VLC\plugins\libmarq_plugin.dll
2007-01-04 14:01 12288 --a------ C:\Program Files\VLC\plugins\libipv4_plugin.dll
2007-01-04 14:01 12288 --a------ C:\Program Files\VLC\plugins\libaccess_filter_timeshift_plugin.dll
2007-01-04 14:01 12288 --a------ C:\Program Files\VLC\plugins\libaccess_file_plugin.dll
2007-01-04 14:01 12263 --a------ C:\Program Files\VLC\osdmenu\default\selected\next.png
2007-01-04 14:01 12100 --a------ C:\Program Files\VLC\osdmenu\default\unselected.png
2007-01-04 14:01 118784 --a------ C:\Program Files\VLC\plugins\libdshow_plugin.dll
2007-01-04 14:01 11808 --a------ C:\Program Files\VLC\osdmenu\dvd\unselect\barroff.png
2007-01-04 14:01 11776 --a------ C:\Program Files\VLC\plugins\libvoc_plugin.dll
2007-01-04 14:01 11776 --a------ C:\Program Files\VLC\plugins\libparam_eq_plugin.dll
2007-01-04 14:01 11776 --a------ C:\Program Files\VLC\plugins\libosdmenu_plugin.dll
2007-01-04 14:01 11776 --a------ C:\Program Files\VLC\plugins\libmpga_plugin.dll
2007-01-04 14:01 11776 --a------ C:\Program Files\VLC\plugins\libmjpeg_plugin.dll
2007-01-04 14:01 11776 --a------ C:\Program Files\VLC\plugins\libheadphone_channel_mixer_plugin.dll
2007-01-04 14:01 11776 --a------ C:\Program Files\VLC\plugins\libexport_plugin.dll
2007-01-04 14:01 11776 --a------ C:\Program Files\VLC\plugins\libcvdsub_plugin.dll
2007-01-04 14:01 11776 --a------ C:\Program Files\VLC\plugins\libclone_plugin.dll
2007-01-04 14:01 1171456 --a------ C:\Program Files\VLC\plugins\libvorbis_plugin.dll
2007-01-04 14:01 11610 --a------ C:\Program Files\VLC\osdmenu\default\selection\play_pause.png
2007-01-04 14:01 116082 --a------ C:\Program Files\VLC\locale\nl\LC_MESSAGES\vlc.mo
2007-01-04 14:01 1157632 --a------ C:\Program Files\VLC\plugins\libxml_plugin.dll
2007-01-04 14:01 11547 --a------ C:\Program Files\VLC\osdmenu\default\selected\play_pause.png
2007-01-04 14:01 114688 --a------ C:\Program Files\VLC\plugins\libid3tag_plugin.dll
2007-01-04 14:01 114482 --a------ C:\Program Files\VLC\locale\th\LC_MESSAGES\vlc.mo
2007-01-04 14:01 11264 --a------ C:\Program Files\VLC\plugins\libtime_plugin.dll
2007-01-04 14:01 11264 --a------ C:\Program Files\VLC\plugins\libsvcdsub_plugin.dll
2007-01-04 14:01 11264 --a------ C:\Program Files\VLC\plugins\libstream_out_duplicate_plugin.dll
2007-01-04 14:01 11264 --a------ C:\Program Files\VLC\plugins\libntservice_plugin.dll
2007-01-04 14:01 11264 --a------ C:\Program Files\VLC\plugins\libaccess_filter_record_plugin.dll
2007-01-04 14:01 112128 --a------ C:\Program Files\VLC\plugins\libtwolame_plugin.dll
2007-01-04 14:01 11205 --a------ C:\Program Files\VLC\locale\lv\LC_MESSAGES\vlc.mo
2007-01-04 14:01 111616 --a------ C:\Program Files\VLC\plugins\liblibmpeg2_plugin.dll
2007-01-04 14:01 11058 --a------ C:\Program Files\VLC\http\js\mosaic.js
2007-01-04 14:01 11050 --a------ C:\Program Files\VLC\THANKS.txt
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\libstream_out_es_plugin.dll
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\libsgimb_plugin.dll
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\libscreen_plugin.dll
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\libpacketizer_mpeg4audio_plugin.dll
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\libimage_plugin.dll
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\libdolby_surround_decoder_plugin.dll
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\libaiff_plugin.dll
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\libaccess_output_http_plugin.dll
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\libaccess_filter_dump_plugin.dll
2007-01-04 14:01 10752 --a------ C:\Program Files\VLC\plugins\liba52_plugin.dll
2007-01-04 14:01 1055 --a------ C:\Program Files\VLC\README.txt
2007-01-04 14:01 105472 --a------ C:\Program Files\VLC\plugins\libdvbsub_plugin.dll
2007-01-04 14:01 104448 --a------ C:\Program Files\VLC\plugins\libspeex_plugin.dll
2007-01-04 14:01 10240 --a------ C:\Program Files\VLC\plugins\librealaudio_plugin.dll
2007-01-04 14:01 10240 --a------ C:\Program Files\VLC\plugins\librawdv_plugin.dll
2007-01-04 14:01 10240 --a------ C:\Program Files\VLC\plugins\libnsc_plugin.dll
2007-01-04 14:01 10240 --a------ C:\Program Files\VLC\plugins\libnetsync_plugin.dll
2007-01-04 14:01 10240 --a------ C:\Program Files\VLC\plugins\libipv6_plugin.dll
2007-01-04 14:01 10240 --a------ C:\Program Files\VLC\plugins\libgrowl_plugin.dll
2007-01-04 14:01 10240 --a------ C:\Program Files\VLC\plugins\libfake_plugin.dll
2007-01-04 14:01 10240 --a------ C:\Program Files\VLC\plugins\libaout_file_plugin.dll
2007-01-04 14:01 10240 --a------ C:\Program Files\VLC\plugins\libaccess_smb_plugin.dll
2007-01-04 14:01 10093 --a------ C:\Program Files\VLC\http\old\index.html
2003-10-22 05:00 77409 --a------ C:\Program Files\VLC\unins000.exe

((((((((((((((((((((((((((((( )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-10 12:55:37 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-11 14:39:28 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-10 12:55:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-11 14:39:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-10 12:55:38 229,376 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-11 14:39:28 700,416 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-10 12:55:38 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-11 14:39:28 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2003-03-19 07:51:00 18,688 ----a-r C:\WINDOWS\system32\drivers\nv_agp.SYS
+ 2004-04-02 14:40:00 21,760 ----a-w C:\WINDOWS\system32\drivers\nv_agp.SYS
+ 2004-06-03 09:40:46 79,360 ----a-w C:\WINDOWS\system32\drivers\nvatabus.sys
- 2002-11-27 12:52:00 80,896 ----a-r C:\WINDOWS\system32\drivers\NVENET.sys
+ 2004-01-29 00:45:50 93,764 ----a-w C:\WINDOWS\system32\drivers\NVENET.sys
+ 2004-06-03 09:40:48 294,400 ----a-w C:\WINDOWS\system32\idecoi.dll
+ 2004-01-29 01:22:48 31,744 ----a-w C:\WINDOWS\system32\NVCOE.DLL
+ 2004-04-02 14:40:00 32,256 ----a-w C:\WINDOWS\system32\NVCOG.DLL
- 2007-10-04 17:16:48 356,352 ----a-w C:\WINDOWS\system32\nvuide.exe
+ 2004-06-18 13:57:42 172,032 ----a-w C:\WINDOWS\system32\nvuide.exe
- 2007-10-04 17:16:48 356,352 ----a-w C:\WINDOWS\system32\nvumctl.exe
+ 2004-06-24 17:57:40 172,032 ----a-w C:\WINDOWS\system32\nvumctl.exe
+ 2003-03-19 07:51:00 18,688 ----a-r C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nv_agp.SYS
+ 2007-10-04 17:16:48 356,352 ----a-w C:\WINDOWS\system32\ReinstallBackups\0013\DriverFiles\nvugart.exe
+ 2002-11-27 12:52:00 80,896 ----a-r C:\WINDOWS\system32\ReinstallBackups\0014\DriverFiles\NVENET.sys
+ 2004-08-03 20:59:44 95,360 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\atapi.sys
+ 2001-10-24 09:52:28 3,328 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\pciide.sys
+ 2004-08-03 20:59:42 25,088 ----a-w C:\WINDOWS\system32\ReinstallBackups\0015\DriverFiles\i386\pciidex.sys
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-17 14:49 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-17 14:49 15360]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-11 15:41:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"CHotkey"="mHotkey.exe"
.
Completion time: 2008-01-11 15:42:27
ComboFix-quarantined-files.txt 2008-01-11 14:42:06
ComboFix.txt 2008-01-10 13:06:28
ComboFix2.txt 2008-01-10 21:44:09

[15556] Internetove Stranky (*VYŘEŠENO*)

Dne 11 Leden, 2008 Diallix komentuje:

Tieto subory otestuj na virustotal.com:
C:\WINDOWS\system32\drivers\Winflash.sys
C:\WINDOWS\system32\OggDSuninst.exe

Tuto zlozku poznas?Ak nie, jej obsah tiez uploadni na virustotal.com:
C:\Program Files\Glue mess peak

Tento subor najdi a zmaz.Pokial nepojde, tak v nudzovom rezime ho deletni a zmaz aj zlozku bias grim user enc.
C:\Documents and Settings\All Users\Data aplikací\bias grim user enc\gram bike.exe

Start >> Spustit >> napis regedit
CTRL+F, do ramceka vloz nazov User Enc Proc Curb
a vsetko, co ohladom neho nabehne zmaz tlacitkom DELETE.
Mal by byt vo vetvi :
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
Vetvu daj do vyhladania a vyhladaj. Hodnotu, ktora v nej bude User Enc Proc Curb zmaz deletom.

Pocitac precisti niekolko krat s ccleanerom podla navodu tu:
http://www.viry.cz/node/12221

Potom ako to urobis urob este skan s MWAVOM :
http://www.viry.cz/node/9061

Nezabudni MWAV uploadnut a spravne nastavit podla navodu. Log z dolneho okna sem daj .

[15557] Internetove Stranky (*VYŘEŠENO*)

Dne 12 Leden, 2008 Vlastik komentuje:

Tak vysledky z Virus total.com:
Soubor OggDSuninst.exe přijatý 2008.01.12 11:16:52 (CET)
Výsledek: 0/31 (0%)

Soubor Winflash.sys přijatý 2008.01.12 11:03:12 (CET)
Výsledek: 0/31 (0.00%)

2. Ohledne toho registru dal jsem hledat, ale nic to nenaslo.
3. Ccleanerem jsem to projel 2x dukladne.
4. MWAVOM jsem to projel s nejnovejsi aktualizaci a tady je log:

Sat Jan 12 12:26:17 2008 => ***** Test dokončen, kontrolu proveďte na www.viry.cz. *****

Sat Jan 12 12:26:17 2008 => Testovaných objektů: 92100
Sat Jan 12 12:26:17 2008 => Kritických objektů: 12
Sat Jan 12 12:26:17 2008 => Celkem vyléčených objektů: 0
Sat Jan 12 12:26:17 2008 => Celkem přejmenováno: 0
Sat Jan 12 12:26:17 2008 => Smazaných objektů: 0
Sat Jan 12 12:26:17 2008 => Celkem chyb: 16
Sat Jan 12 12:26:17 2008 => Uplynulý čas: 00:34:35
Sat Jan 12 12:26:17 2008 => Datum vydání databáze: 1/12/2008
Sat Jan 12 12:26:17 2008 => Verze virové databáze: 508640

Sat Jan 12 12:26:17 2008 => Test je dokončen, kontrolu lze provést na www.viry.cz.

Chyby:

[15558] Internetove Stranky (*VYŘEŠENO*)

Dne 12 Leden, 2008 Diallix komentuje:

Stiahni si avenger na plochu: http://www.viry.cz/node/
Podla navodu sa dopracuj ku tomu okne a do neho skopiruj toto :

Quote:

Files to delete:
C:\Documents and Settings\Vlastik\Data aplikací\Glue mess peak\xbxsasfz.exe

Folders to delete:
C:\Documents and Settings\Vlastik\Data aplikací\Glue mess peak

Done >> Semafor >> OK
Log z neho (c:\avenger.txt) skopiruj sem.

Manualne zmaz :
C:\QooBox

Vypni obnovu systemu. Po tom ako to urobis, daj sem log z avengera a HJT a preferuj, ako sa pocitac chova.

[15559] Internetove Stranky (*VYŘEŠENO*)

Dne 13 Leden, 2008 Vlastik komentuje:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\wunqgmhr

*******************

Script file located at: \??\C:\nrjsfwkm.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Documents and Settings\Vlastik\Data aplikací\Glue mess peak\xbxsasfz.exe deleted successfully.
Folder C:\Documents and Settings\Vlastik\Data aplikací\Glue mess peak deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Tady HJT.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 82.208.58.96 l2authd.lineage2.com
O1 - Hosts: 82.208.58.96 l2testauthd.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

No takze. Program avenger tyto soubory sice vymazal, ale hodil je do slozky backup.zip, kde nadale predstavuji hrozbu si myslim. Tady je vysledek z virustotal.com :
Soubor backup.zip přijatý 2008.01.13 12:42:30 (CET)
Současný stav: Dokončeno
Výsledek: 18/32 (56.25%)
Mam ho vymazat rucne ? Jo a jeste otazecka k tem hrozbam, ktere nasel MWAV. Jak je mam opravit kdyz je tam treba ze nejaky soubor odkazuje na spatne umisteni nebo tak nejak. Je potreba to opravovat ?
Ohledne funkcnosti pc: Na pocatku se mi objevovala okna, ktera jsem nechtel, nejake reklamy a ted se mi nic neukazuje, reklamy nenaskakuji a taky jsem s vasi pomoci odstranil viry, o kterych jsem ani nevedel. Takze Vam vsem moc dekuju ALE. Modra smrt. Uz se mi nezobrazuje tak casto, nybrz bratr rikal ze se vcera 1 ukazala. Jak mohu zjistit, cim to je ? Muze to byt zpusobeno nejakym programem ? Badejete, koumejte. Dik

[15560] Internetove Stranky (*VYŘEŠENO*)

Dne 13 Leden, 2008 Diallix komentuje:

Log neni cely!

Ano, obsah c:\combofix
c:\avenger
c:\quarantine
zmaz rucne.

Log z mwavu poukazuje na vyliecene infekcie a chybne kluce. To poriesis pouzitim
Ccleaneru : http://www.viry.cz/node/12221

Niekolko krat pocitac precisti vo vsetkych smerov, cize aj vyhladanim a zmaznutim problemov. Niekolko krat to precisti.

Co sa tika modrej smrti, moze byt sposobena programom, grafikou, ram. Pri nabehnuti naskoci modra obrazovka a biele udaje (hodnoty), ktore poukazuju na problem. Pod nimi je odpocitavanie casu. Bolo by dobre, keby si tu dal popis chyb a zamyslel sa, kedy sa modra smrt zacala vyskytovat. Je dost pravdepodobne, ze pouzitim neakeho programu.

[15561] Internetove Stranky (*VYŘEŠENO*)

Dne 13 Leden, 2008 Vlastik komentuje:

Tady jsou obrazky, ktere se objevi po najeti z modre smrti. Lze z nich neco vycist - cim to je ? Jeste jsem stihl opsat z te obrazovky tohle : Technické Informace :
*** STOP: 0x0000008E (0xC0000005, 0xBF8OD1B1, OxF5BC768, Ox00000000)
***win32k.sys - Address BF80D1B1 Base at BF 800000, DateStamp 41107f7a. No a posledni dobou jsem zadne programy ani neinstaloval - snad Adobe Captivate, ale uz jsem ho odinstaloval. Jinak tento problem trva uz asi měsíc +-.

[15562] Internetove Stranky (*VYŘEŠENO*)

Dne 13 Leden, 2008 Diallix komentuje:

Odinstaluj avast. A cakaj, ci to bude robit.

[15563] Internetove Stranky (*VYŘEŠENO*)

Dne 13 Leden, 2008 Vlastik komentuje:

Ale avast je jediny antivir co mam a co me chrani. Opravdu ho mam dat pryc?

[15564] Internetove Stranky (*VYŘEŠENO*)

Dne 14 Leden, 2008 Diallix komentuje:

Ano daj, nainstaluj novy. Ak budu problemy pretrvavat, tak napis.

[15565] Internetove Stranky (*VYŘEŠENO*)

Dne 14 Leden, 2008 Vlastik komentuje:

A jaky antivir mam naistalovat? Nemate nejaky tip ci odkaz? :cool:

[15566] Internetove Stranky (*VYŘEŠENO*)

Dne 14 Leden, 2008 Honza komentuje:

Zdravim,
dobrý jsou nod,norton,kaspersky a pak to chce nejaky firewall kerio nebo je třeba integrovany v nortonu...

[15567] Internetove Stranky (*VYŘEŠENO*)

Dne 15 Leden, 2008 Vlastik komentuje:

Zdravim. Mam problem s antivirem. Nejde mi nainstalovat Kaspersky. Active Virus Shield ani Kaspersky Antivir. Napise to musite restartovat pc pred instalaci. Restartuju, spustim instalaci a zase to pise to same. Co s tim?

[15568] Internetove Stranky (*VYŘEŠENO*)

Dne 15 Leden, 2008 Diallix komentuje:

hmm, daj tu log z HJT.

[15569] Internetove Stranky (*VYŘEŠENO*)

Dne 15 Leden, 2008 Honza komentuje:

Zkus stáhnout jinou verzi.

[15570] Internetove Stranky (*VYŘEŠENO*)

Dne 15 Leden, 2008 Vlastik komentuje:

Logfile of HijackThis v1.99.1
Scan saved at 22:09, on 2008-01-15
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kerio Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio Personal Firewall\kpf4gui.exe
C:\Program Files\HP\HP Software Update\HPWuSchd .exe
C:\Program Files\HP\hpcoretech\hpcmpmgr .exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor .exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched .exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Norton AntiVirus\navw32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Vlastik\Programy na Havet\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.atlas.cz/?from=icqhp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
F3 - REG:win.ini: load=C:\WINDOWS\system32\khhed.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {F8275B2C-236A-432F-AF10-ABC18F38E6F6} - C:\WINDOWS\system32\khhed.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM .exe" -startup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Plánovač automatické aktualizace LiveUpdate (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

Existuje nejaky zpusob jak zrychlit internet ? Mohl se virem zpomalit ?

[15571] Internetove Stranky (*VYŘEŠENO*)

Dne 15 Leden, 2008 Diallix komentuje:

Podla informacii tam mas vundo nakazu.

Toto otestuj na virustotal.com :
C:\Program Files\Common Files\InstallShield\UpdateService\issch .exe

Urobte kroky podla navodu sem : http://www.viry.cz/node/

Aplikuj oba programy v nudzovom rezime. Z toho druheho sem daj log a urob novy log z HijackThisu, ale 2. : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

[15572] Internetove Stranky (*VYŘEŠENO*)

Dne 16 Leden, 2008 Vlastik komentuje:

Ten soubor jsem dal na virustotal a nic v nem neni, ale rad bych ho smazal nevim jestli muzu ? Nemel jsem ho tam a nemyslim si, ze je nejak vyznamny. Dalsi vec jaky je rozdil mezi timto HTS : http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis ?
To vycistenu jdu provest prave ted log bude za chvili.

[15573] Internetove Stranky (*VYŘEŠENO*)

Dne 16 Leden, 2008 Diallix komentuje:

Subor je ok. Hijackthis 1 z ktoreho si robi prvy log je starsi a ta 2 dokaze zistit lepsie nakazu ako ten prvy. Preto je lepsie davat z toho druheho.

[15574] Internetove Stranky (*VYŘEŠENO*)

Dne 16 Leden, 2008 Vlastik komentuje:

[01/16/2008, 20:13:53] - VirtumundoBeGone v1.5 ( "E:\Vlastik\Programy na Havet\VirtumundoBeGone.exe" )
[01/16/2008, 20:14:10] - Detected System Information:
[01/16/2008, 20:14:10] - Windows Version: 5.1.2600, Service Pack 2
[01/16/2008, 20:14:10] - Current Username: Administrator (Admin)
[01/16/2008, 20:14:10] - Windows is in SAFE mode with Networking.
[01/16/2008, 20:14:10] - Searching for Browser Helper Objects:
[01/16/2008, 20:14:10] - BHO 1: {055FD26D-3A88-4e15-963D-DC8493744B1D} (XTTBPos00 Class)
[01/16/2008, 20:14:10] - BHO 2: {53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
[01/16/2008, 20:14:10] - BHO 3: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)
[01/16/2008, 20:14:10] - BHO 4: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
[01/16/2008, 20:14:10] - BHO 5: {A2ACF7EE-F43E-4C39-B99A-F9CE3A418211} ()
[01/16/2008, 20:14:10] - WARNING: BHO has no default name. Checking for Winlogon reference.
[01/16/2008, 20:14:10] - Checking for HKLM\...\Winlogon\Notify\khhed
[01/16/2008, 20:14:10] - Key not found: HKLM\...\Winlogon\Notify\khhed, continuing.
[01/16/2008, 20:14:10] - BHO 6: {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} (e404mgr Class)
[01/16/2008, 20:14:10] - Finished Searching Browser Helper Objects
[01/16/2008, 20:14:10] - Finishing up...
[01/16/2008, 20:14:10] - Nothing found! Exiting...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:15, on 2008-01-16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)

--
End of file - 5055 bytes

Jo a mam vymazat tu slozku rucne co vytvoril ten program? Obsahuje jiste skodlive kody, ale jeden soubor, ktery je prej vir: khhed.exe tak tan asi chybi memu pocitaci, protoze mi to pise pri startu systemu ze nejde najit. To je pochopitelne ze ho nenajde kdyz jsme ho vymazali. Tak nevim. Jo a jeste chyba. Ten vas program VundoFix mi zpusobil, ze nemuze se zapnout antivir Avira. 8-)

[15575] Internetove Stranky (*VYŘEŠENO*)

Dne 16 Leden, 2008 Diallix komentuje:

Nevidim dovod, preco by nemal antivir ist.Program nic nezmazal od antiviru.Co hlasi?

[15576] Internetove Stranky (*VYŘEŠENO*)

Dne 18 Leden, 2008 Vlastik komentuje:

Ze nelze spustit antivir protoze nemuze spustit soubor nejaky avr.exe, coz je vlastne ten spoustec antiviru. Jo a na zacatku startu systemu to pise tu chybu s tim souborem khed.exe - nelze najit. A strasne me trapi velmi pomala rychlost pripojeni k internetu s tim ze kdyz dam treba seznam nacita to 3min nez se neco ukaze ale download je rychly. Jak mam jeste fxnout pc aby se vse zpravilo ?

[15577] Internetove Stranky (*VYŘEŠENO*)

Dne 18 Leden, 2008 Diallix komentuje:

Pocitac predrhni niekolko krat s ccleanerom :
http://www.viry.cz/node/12221

Podla navodu ho precisti a vyhladaj problem a tie zmaz,

Po tom, antivir preinstaluj.

Ked to budes mat hotove, preferuj ci problemy zmizli.

[15578] Internetove Stranky (*VYŘEŠENO*)

Dne 18 Leden, 2008 Vlastik komentuje:

AntiVir Avira opet funguje nevim cim to bylo. To je jedno hlaven ze jede, ale dam si jiny antivir. No tak to by bylo, ale jeste spousta drobnych problemu se vyskytuje porad. Tak za 1. asi od 17.1.2008 mi zacal pocitac zase skakat do modre smrti a pise to porad to same co jsem vam uz psal vzdy nejake ***STOP 0x(000.....) a pak jen povidani ze mam zkontrolovat misto na disk, videoadaptery, BIOS, zakazat pametove stinovani ci co atd. Kua tohle potrebuju vyresit jako problem cislo 1 !!!!!!!! Napiste mi pls co mam delat ? Nejake programy na zjisteni stavu pc poslete, nebo reknete jak ho mam stabilizovat muj PC. Moc prosim. Kdyz vyresime tenhle problem tak pka se muzu vrhnout na ostatni.

[15579] Internetove Stranky (*VYŘEŠENO*)

Dne 19 Leden, 2008 Vlastik komentuje:

Mozna jsem problem vyresil. Vcera jsem zjistil, ze kdyz nainstaluju Ad-aware 2007 a spustim ho tak PC skoci do modre smrti. Ale mozna to tim nebylo. Nic jineho me nenapada - cim by to mohlo byt. Nevite jak se mam vyvarovat modre smrti ? No nic vyresime tohle: Vundo FIxem jsem se zbavil nakazy a ta se hodila do slozky. Jsou to tyhle soubory: C:\WINDOWS\system32\dehhk.ini
C:\WINDOWS\system32\dehhk.ini2
C:\WINDOWS\system32\khhed.dll
Mam tu slozku rucne smazat ? :shock:
A kdyz fixnu v HTC nejakou vec - co se s ni stane? :???:

[15580] Internetove Stranky (*VYŘEŠENO*)

Dne 19 Leden, 2008 Diallix komentuje:

No, proti modrej smrti sa da vyvarovat, ak sa odstrani program, alebo nieco, co ju sposobuje, urcite sama od seba nie je.Skus prekontrolovat pamät s programom Hiren´s Boot Cd : http://www.hiren.info/pages/bootcd

Pod Ram (memory) Testing Tools.

Stiahnut si ho mozes odtialto :
http://rapidshare.com/files/64607376/HBCD93.rar
http://rs147.rapidshare.com/files/46849723/HBCD92.rar

Neviem, ci je to iso subor, ale musi to byt iso image, zakoncene .iso

Alebo Ultimate CD
http://fileforum.betanews.com/detail/Ultimate_Boot_CD_Full/1066657762/1

Stiahni odtialto .iso subor :
http://www.stahuj.centrum.cz/utility_a_ostatni/systemove_nastroje/ostatn...

Iso subor vypal na cd pomocou nera. Potom ho vloz do pc a nabootuj z neho.

Co sa tika toho vunda, hodilo ho do zlozky vundofix.Zlozku zmas manualne a aj zlozky ako
c:\avenger
c:\combofix
c:\quarantine
pokial sa v pc nachadzaju.

Ak fixnes hodnoty v HJT, tak ich program zmaze. Ak fixnes kontabilne, tak si mozes odrovnat pocitac, alebo inak poskodit.

[15581] Internetove Stranky (*VYŘEŠENO*)

Dne 19 Leden, 2008 Vlastik komentuje:

No provedl jsem test Ram pameti a vyledek: Zadne chyby. Hmm, no ted je problem zde: Nejde vymzat tento soubor:

Zkousel jsem to vymazat a opravit i v nouzovem rezime, ale po restrtu je to tam zas. :o

[15582] Internetove Stranky (*VYŘEŠENO*)

Dne 19 Leden, 2008 Diallix komentuje:

Nevidim ten subor.Aky ma nazov a v akom adresary je ulozeny? Hod sem cestu.

Urob este novy combofix a hod ho sem.

[15583] Internetove Stranky (*VYŘEŠENO*)

Dne 19 Leden, 2008 Vlastik komentuje:

TEn soubor je v : C:\Program Files\Helper\superfindout.dll
A jeste ta chyba v Ccleaneru. Nejde to opravit. Vyresme ten soubor, jak ho mam smazat a myslim, ze se tim i vyresi ten problem v Ccleanru. ComboFix jsem spustil a vymazal nejake soubory, ale ten ve Slozce Helper mezi nima nebyl. Dam Vam log z HJT.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:08, on 2008-01-19
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Kerio Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Kerio Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O1 - Hosts: 82.208.58.96 l2authd.lineage2.com
O1 - Hosts: 82.208.58.96 l2testauthd.lineage2.com
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - S-1-5-18 Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe Reader 7.0\Reader\reader_sl.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: MSSQL$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
O23 - Service: SQLAgent$SONY_MEDIAMGR - Unknown owner - C:\Program Files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 6546 bytes

[15584] Internetove Stranky (*VYŘEŠENO*)

Dne 19 Leden, 2008 Diallix komentuje:

Je to smejd.

Do avengeru vloz toto :

Quote:

Files to delete:
C:\Program Files\Helper\superfindout.dll

Folders to delete:
C:\Program Files\Helper

DONE >> SEMAFOR >> OK

Ponom sem daj log ktory naskoci.

Potrebujem log z combofixu a urob sken s mwavom:
http://www.viry.cz/node/9061
Nastav podla navoda, nezabudni updatovat a po skene sem daj log z dolneho okna.

[15585] Internetove Stranky (*VYŘEŠENO*)

Dne 20 Leden, 2008 Vlastik komentuje:

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\pcrljifh

*******************

Script file located at: qqtlcawd

Could not open script file! Error

Could not open script file! Status: 0xc000003b Abort!

MWAV :

Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "NULLBYTE Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "grokster Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "wareout Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\ACDSee6.psd" odkazuje na neplatný objekt "{62B1F4A0-A0C5-4122-8ECE-57DF88C97C33}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\E404.e404mgr" odkazuje na neplatný objekt "{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\E404.e404mgr.1" odkazuje na neplatný objekt "{F10587E9-0E47-4CBE-84AE-7DD20B8684CC}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\KMPlayer.kpl" odkazuje na neplatný objekt "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\KMPlayer.ksf" odkazuje na neplatný objekt "{9EB4C4CB-74C2-4BE9-AA5D-8249F16020AD}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\LSCAPI.DiscPrintMgr" odkazuje na neplatný objekt "{5197646C-00EA-4307-A067-61319EBBE499}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\LSCAPI.DiscPrintMgr.1" odkazuje na neplatný objekt "{5197646C-00EA-4307-A067-61319EBBE499}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\WindowsLive.SetupJob" odkazuje na neplatný objekt "{9B38B1AC-C774-46AB-AD99-0C19871F0714}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\WindowsLive.SetupJob.1" odkazuje na neplatný objekt "{9B38B1AC-C774-46AB-AD99-0C19871F0714}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\WindowsLive.SetupService" odkazuje na neplatný objekt "{585D47D2-CF74-4869-BF4E-DF5662504F11}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\WindowsLive.SetupService.1" odkazuje na neplatný objekt "{585D47D2-CF74-4869-BF4E-DF5662504F11}". Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP1\A0000001.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP3\A0000028.exe je infikovaný virem Trojan-Dropper.Win32.Agent.dgo !! Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP3\A0000029.exe je infikovaný virem Trojan-Dropper.Win32.Agent.dgo !! Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP4\A0000047.exe je infikovaný virem Trojan-Dropper.Win32.Agent.dgo !! Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP4\A0000140.exe je infikovaný virem Trojan-Dropper.Win32.Agent.dgo !! Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP4\A0000195.dll indentifikován jako "not-a-virus:AdWare.Win32.Virtumonde.drk". Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP4\A0000235.exe je infikovaný virem Trojan-Dropper.Win32.Agent.dgo !! Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP4\A0000298.exe je infikovaný virem Trojan-Dropper.Win32.Agent.dgo !! Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP4\A0000302.dll indentifikován jako "not-a-virus:AdWare.Win32.Virtumonde.drk". Provedené akce: Nic nebylo provedeno.
Soubor C:\System Volume Information\_restore{41AFB6C3-67A7-489F-AADE-26954456CF10}\RP4\A0000316.exe je infikovaný virem Trojan-Dropper.Win32.Agent.dgo !! Provedené akce: Nic nebylo provedeno.
Soubor E:\System Volume Information\_restore{94AE7592-10EC-4FDB-811A-73A51049205E}\RP81\A0038255.EXE/wr-1-904.exe//PE_Patch.Upolyx//PE_Patch.UPX//UPX je infikovaný virem Trojan.Win32.Pakes.de !! Provedené akce: Nic nebylo provedeno.

Tak a combofix jsem nemohl spustit, protoze mi to napsalo ze si mam stahnout novejsi verzi a odinstaloval se. Avenger ho asi znicil ten soubor, protoze jsem dvakrat restartoval pc a uz jsem ho nenasel. Tak mi dejte pls odkaz na Combo Fix.
:???: Jenom znicit smejdy a hura. :cool: Hmm tak ho tam mam znovu ten soubor.

[15586] Internetove Stranky (*VYŘEŠENO*)

Dne 20 Leden, 2008 Diallix komentuje:

Combofix je tu :
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe

Avenger zlyhal. Operaciu so scriptom urob este raz. Avenger skopiruj na plochu a hod ho tam este raz + combo. Ak sa tam bude objavovat nadalej, asi tam bude rootkit, potom urobime este jeden log z IceSword, ale zatial urob to s tym scriptom.

btw. log z mwav je v poriadku. Vypni obnovu systemu + ccleaner, inak je to ok.

[15587] Internetove Stranky (*VYŘEŠENO*)

Dne 21 Leden, 2008 Vlastik komentuje:

Ten odkaz je neplatny. Not Found 404. Jo a jeste k tomu MWAVOvi. Kdyz je tam napsano: D:/System volemu ... je infikovan virem ?! To je v poradku?
Dale k tomu Avengrovi. Soubor vymazan uspesne, ale restaroval jsem pc a je tam zas, takze mise neuspesna :o . Jeste k tomu problemu s Ccleanerem. Tato chyba: Nejde opravit. Nevite Proc?
Jo tu Obnovu systemu jsem vypl.

[15588] Internetove Stranky (*VYŘEŠENO*)

Dne 21 Leden, 2008 Diallix komentuje:

System Volume...= Obnova systemu, cize ak ju zmazes, zmazes vir.
Ak to stale zlyhava, bude tam asi rootkit. Urob log z ICE Swordu:

Quote:

Stahnete aplikaci IceSword 1.22 -> http://download.sosej.cz/programy3/IceSword122en.zip
V aplikaci Icesword udelejte logy z:

* Process (v pripade, ze Icesword zobrazi proces cervenou barvou, zvyraznete to radcum v logu)
* Kernel Module

[15589] Internetove Stranky (*VYŘEŠENO*)

Dne 21 Leden, 2008 Vlastik komentuje:

Jak smazu ten vir v C system volume .. kdyz se tam nemuzu dostat ?

[15590] Internetove Stranky (*VYŘEŠENO*)

Dne 21 Leden, 2008 Diallix komentuje:

Vypnutim obnovy systemu, ktoru si urobil, podla toho co si napisal.

[15591] Internetove Stranky (*VYŘEŠENO*)

Dne 22 Leden, 2008 Vlastik komentuje:

Tady jsou ty logy. A prosim najdete mi Combo Fix. Je to dobry program.
Process:

System Idle Process
System
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\system32\smss.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Documents and Settings\Vlastik\Plocha\Ice Sword\IceSword.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Kerio Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Kerio Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Kerio Personal Firewall\kpf4gui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe

Kernel Module:

\WINDOWS\system32\ntoskrnl.exe
\WINDOWS\system32\hal.dll
\WINDOWS\system32\KDCOM.DLL
\WINDOWS\system32\BOOTVID.dll
sptd.sys
\WINDOWS\System32\Drivers\WMILIB.SYS
\WINDOWS\System32\Drivers\SCSIPORT.SYS
pci.sys
isapnp.sys
pciide.sys
\WINDOWS\System32\DRIVERS\PCIIDEX.SYS
MountMgr.sys
ftdisk.sys
dmload.sys
dmio.sys
PartMgr.sys
VolSnap.sys
atapi.sys
disk.sys
\WINDOWS\System32\DRIVERS\CLASSPNP.SYS
fltmgr.sys
KSecDD.sys
Ntfs.sys
NDIS.sys
nv_agp.sys
Mup.sys
\SystemRoot\System32\DRIVERS\audstub.sys
\SystemRoot\System32\DRIVERS\rasl2tp.sys
\SystemRoot\System32\DRIVERS\ndistapi.sys
\SystemRoot\System32\DRIVERS\ndiswan.sys
\SystemRoot\System32\DRIVERS\raspppoe.sys
\SystemRoot\System32\DRIVERS\raspptp.sys
\SystemRoot\System32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\psched.sys
\SystemRoot\System32\DRIVERS\msgpc.sys
\SystemRoot\System32\DRIVERS\ptilink.sys
\SystemRoot\System32\DRIVERS\raspti.sys
\SystemRoot\System32\DRIVERS\NtApm.sys
\SystemRoot\System32\DRIVERS\usbohci.sys
\SystemRoot\System32\DRIVERS\USBPORT.SYS
\SystemRoot\System32\DRIVERS\usbehci.sys
\SystemRoot\System32\DRIVERS\NVENET.sys
\SystemRoot\system32\drivers\ALCXWDM.SYS
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\System32\DRIVERS\HSFBS2S2.sys
\SystemRoot\System32\DRIVERS\HSFDPSP2.sys
\SystemRoot\System32\DRIVERS\HSFCXTS2.sys
\SystemRoot\System32\Drivers\Modem.SYS
\SystemRoot\System32\DRIVERS\imapi.sys
\SystemRoot\system32\drivers\pfc.sys
\SystemRoot\System32\DRIVERS\cdrom.sys
\SystemRoot\System32\DRIVERS\redbook.sys
\SystemRoot\system32\DRIVERS\nv4_mini.sys
\SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
\SystemRoot\System32\DRIVERS\rdpdr.sys
\SystemRoot\System32\DRIVERS\termdd.sys
\SystemRoot\System32\DRIVERS\kbdclass.sys
\SystemRoot\System32\DRIVERS\mouclass.sys
\SystemRoot\System32\DRIVERS\swenum.sys
\SystemRoot\System32\DRIVERS\update.sys
\SystemRoot\system32\DRIVERS\axskbus.sys
\SystemRoot\System32\DRIVERS\mssmbios.sys
\SystemRoot\System32\DRIVERS\i8042prt.sys
\SystemRoot\System32\DRIVERS\parport.sys
\SystemRoot\System32\DRIVERS\serial.sys
\SystemRoot\System32\DRIVERS\serenum.sys
\SystemRoot\System32\DRIVERS\fdc.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\axsaki.sys
\SystemRoot\System32\DRIVERS\usbhub.sys
\SystemRoot\System32\DRIVERS\USBD.SYS
\SystemRoot\System32\DRIVERS\flpydisk.sys
\SystemRoot\System32\Drivers\Fs_Rec.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\??\C:\WINDOWS\system32\dxdss.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\Drivers\mnmdd.SYS
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\fwdrv.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\DRIVERS\rasacd.sys
\SystemRoot\System32\DRIVERS\ipsec.sys
\SystemRoot\System32\DRIVERS\tcpip.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\System32\drivers\afd.sys
\SystemRoot\System32\Drivers\SCDEmu.SYS
\??\C:\WINDOWS\system32\drivers\oreans32.sys
\SystemRoot\system32\drivers\khips.sys
\SystemRoot\System32\DRIVERS\ipnat.sys
\SystemRoot\System32\DRIVERS\wanarp.sys
\SystemRoot\System32\Drivers\Fips.SYS
\SystemRoot\System32\Drivers\Cdfs.SYS
\SystemRoot\System32\Drivers\dump_atapi.sys
\SystemRoot\System32\Drivers\dump_WMILIB.SYS
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\watchdog.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\drivers\dxg.sys
\SystemRoot\System32\drivers\dxgthk.sys
\SystemRoot\System32\nv4_disp.dll
\SystemRoot\System32\DRIVERS\ndisuio.sys
\SystemRoot\System32\DRIVERS\mrxdav.sys
\SystemRoot\System32\Drivers\ParVdm.SYS
\SystemRoot\System32\DRIVERS\HSF_FALL.sys
\SystemRoot\System32\DRIVERS\HSF_FSKS.sys
\SystemRoot\System32\DRIVERS\HSF_K56K.sys
\SystemRoot\System32\DRIVERS\mdmxsdk.sys
\SystemRoot\System32\DRIVERS\secdrv.sys
\SystemRoot\System32\DRIVERS\HSF_FAXX.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\drivers\wdmaud.sys
\SystemRoot\system32\drivers\sysaudio.sys
\SystemRoot\System32\DRIVERS\HSF_TONE.sys
\SystemRoot\System32\DRIVERS\HSF_V124.sys
\SystemRoot\System32\Drivers\HTTP.sys
\SystemRoot\System32\Drivers\Fastfat.SYS
\??\D:\Interlude\system\npkcrypt.sys
\??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
\SystemRoot\system32\drivers\kmixer.sys
\SystemRoot\System32\Drivers\IsDrv122.sys
\WINDOWS\system32\ntdll.dll

[15592] Internetove Stranky (*VYŘEŠENO*)

Dne 23 Leden, 2008 Diallix komentuje:

Log idem hned skontrolovat.
Tu mas ten combofix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

[15593] Internetove Stranky (*VYŘEŠENO*)

Dne 23 Leden, 2008 Diallix komentuje:

Do avengeru napis toto:

Quote:

Files to delete:
C:\WINDOWS\system32\dxdss.sys
C:\WINDOWS\system32\drivers\oreans32.sys

Done >> Semafor >> OK
Po restarte log z avengera.

[15594] Internetove Stranky (*VYŘEŠENO*)

Dne 25 Leden, 2008 Vlastik komentuje:

Zatim Vam dekuju za vse. Viry v pc uz nemam, soubor ve slozve Helper uz neni - zmizel to je dobre a jediny problem, ktery pretrvava je ten s Ccleanrem. Viz obrazek z predeslych prispevku. Stale nevim jak to opravit, poradte prosim. A jeste jedna takova zvlastni vec. Vypnu hru a kdyz rychle kliknu na jinou ikonu, tak je pc v takovem tom stavu ze jeste vypina hru a je pomalejsi to znate urcite, a zda se mi jakoby to nestihal a najednou mi zmizi ikony na plose a cekam a nic. Porad nic. Tak jedine co jde je RESTART. Cim to bude ? Ram mam 512 MB, coz je na dnesni dobu malo. Ale driv to nedelalo. Diky

[15595] Internetove Stranky (*VYŘEŠENO*)

Dne 25 Leden, 2008 Diallix komentuje:

To s tym ccleanerom nebude nic nebezpecneho. Obrazok hlasi chybu.Skus to v nudzovom rezime precistit ak pojde, ale nebude to ziadna vada.
Co sa tyka toho mrznutia, pojde urcite o neaky program. O aku hru sa jedna?

[15596] Internetove Stranky (*VYŘEŠENO*)

Dne 25 Leden, 2008 Vlastik komentuje:

Jedna se o Lineage II Interlude, ale jak rikam. Driv to nedelalo. V nouzovme rezimu jsem to zkousel ale ta chyba je tam porad. Neni na to nejaky program nebo nemuzu fixnout neco v HTC ci v Ice Swordu ?
Jo a nejaka rada na to jak udrzet pc bez viru a malware a problemu byste vedeli ?

DIKY JSTE SUPER :cool: Kamosi mi na zacatku vsech problemu porad radili reinstal Windows, ale diky Vam to neni treba. Juhů :???:

[15597] Internetove Stranky (*VYŘEŠENO*)

Dne 25 Leden, 2008 Diallix komentuje:

Keby si mi dal presny kluc tych registrov, nieco by sem poriesili, alebo to zmaz rucne start >> spustit >> napis "regedit" a vyhladaj tam retazec a zmaz deletom.

Co sa tyka tej hry, urcite by som odinstaloval neaky program, ktory zatazuje pocitac. Moze to byt sposobene aj tou hrou.Mne to robilo o neakom programe BON YOUR "APPLE SOFTWARE".To som nemohol ani vysipat kos, lebo to vzdy padlo.

CO sa tyka virov asi sa vsetci zhodneme, ze neprimat blbosti od kadekoho, nechodit po pornostrankach, mat aktualny firewall, antivirus. Ako som uz povedal, ale najdolezitejsi firewall, atd je medzi monitorom a stolickou.

Inak dakujem za uznanie :-) Nemas zaco.

[15598] Internetove Stranky (*VYŘEŠENO*)

Dne 25 Leden, 2008 Vlastik komentuje:

Tady : http://dlg.uloz.to/8186645d1244ef1bc89db27e27c60439/159697/128.jpg

[15599] Internetove Stranky (*VYŘEŠENO*)

Dne 25 Leden, 2008 Diallix komentuje:

http://www.viry.cz/node/6786

Tam mas navod. Chod od zaciatku a preferuj.Alebo hned odskusaj :
http://www.majorgeeks.com/download4001.html

[15600] Internetove Stranky (*VYŘEŠENO*)

Dne 27 Leden, 2008 Vlastik komentuje:

Zdravim Vas vsechny. Tak jsem to vyzkousel a k memu prekvapeni to FUNGUJE ! Opravdu jsem smazal ty 2 registry co nesly odstranit a tudiz se mi ta chyba v Ccleaneru neukazuje. Mockrat Vam dekuju zase se mam z ceho radovat. :cool:
Takze tema muzete uzavrit, jelikoz me uz nic netrapi a kdyby trapilo napisu zas. A uplne posledni vec ze vsech. Jaky si myslite ze je nejlepsi antivir z techto: Avira, BitDefender a nebo Avast ? Vsechno to jsou antiviry zdarma. Dekuji za odpoved a mejte se hezky. :eek: :D :???:

[15601] Internetove Stranky (*VYŘEŠENO*)

Dne 27 Leden, 2008 Diallix komentuje:

Asi Avast.

Nemas zac a na buduce uz nepis tu, ale pri problemoch si zaloz nove tema :-)

Mej se.