your privacy is in dangerous

Hello, I have a problem: "your privacy is in dangerous download privacy protection software now" appeared on my desktop, and error messages from Windows started popping up. When I used the program SmitfraudFix.exe, my desktop was cleaned up and the computer left me alone, but after about two hours of use the message appeared on my desktop again. I repeated the whole procedure several times and the message always came back after a while. Does anyone know what to do about it? Thanks in advance.

User picture of Diallix

It's junk.

Download HijackThis here: http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Download it to the desktop, install it and run it. In the menu, click "DO A SYSTEM SCAN AND SAVE A LOGFILE". After the scan, the log opens in Notepad; copy the whole log here.

User picture of jirijirkas

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:29, on 27.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ChrisTV\ChrisTV_Agent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Rapidown\rapidown.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\PROGRA~1\WinTV\HCWTVS~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Hijack\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SXG Advisor - {7603FD22-36C0-4DE7-A28F-ADFA9CE3ACB8} - C:\WINDOWS\dpvtporxno.dll
O2 - BHO: ADSTechnology Class - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager Class - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll (file missing)
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ChrisTV Agent] "C:\Program Files\ChrisTV\ChrisTV_Agent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\RunOnce: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O8 - Extra context menu item: Analyzovat LeechGetem - file://C:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Download LeechGetem - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download s průvodcem LeechGetu - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: aswmklt - {6075D15D-629C-4320-94FB-55AC3494EA4B} - C:\WINDOWS\aswmklt.dll
O21 - SSODL: bqxomdo - {D6D08620-C30D-4EDD-BE18-7406FA52BB38} - C:\WINDOWS\bqxomdo.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9081 bytes

User picture of Diallix

In the program, fix these:
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SXG Advisor - {7603FD22-36C0-4DE7-A28F-ADFA9CE3ACB8} - C:\WINDOWS\dpvtporxno.dll
O2 - BHO: ADSTechnology Class - {831CBAC0-8283-4653-9D81-FEB9F3F6E47C} - C:\Program Files\ADSTechnology\ADSTechnology.dll
O2 - BHO: ActivationManager Class - {86A44EF7-78FC-4e18-A564-B18F806F7F56} - C:\Program Files\ActivationManager\ActivationManager.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Data aplikací\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
O21 - SSODL: aswmklt - {6075D15D-629C-4320-94FB-55AC3494EA4B} - C:\WINDOWS\aswmklt.dll
O21 - SSODL: bqxomdo - {D6D08620-C30D-4EDD-BE18-7406FA52BB38} - C:\WINDOWS\bqxomdo.dll (file missing)

Uninstall:
ADSTechnology

Download Avenger:
http://www.viry.cz/node/

Work through that guide and copy this into the window:

Quote:
Files to delete:
C:\WINDOWS\dpvtporxno.dll
C:\WINDOWS\aswmklt.dll

DONE >> TRAFFIC LIGHT >> OK
The computer will restart. After the restart, copy the log that opens here. It is also saved in c:\avenger.txt

Test this on virustotal.com:
C:\Program Files\Rapidown\rapidown.exe

After that, make a new HijackThis log and post it here.

User picture of jirijirkas

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ihopsgkt

*******************

Script file located at: \??\C:\WINDOWS\system32\tmdfsyki.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\dpvtporxno.dll not found!
Deletion of file C:\WINDOWS\dpvtporxno.dll failed!

Could not process line:
C:\WINDOWS\dpvtporxno.dll
Status: 0xc0000034

File C:\WINDOWS\aswmklt.dll deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

User picture of jirijirkas

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:26, on 27.1.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\ChrisTV\ChrisTV_Agent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Rapidown\rapidown.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\WinTV\HCWTVS~1.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Hijack\HiJackThis(2).exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - D:\Program Files\ICQToolbar\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {A6984C00-C6EB-11D4-B4A4-080000180323} - C:\PROGRA~1\Rapidown\rapi310.dll
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [ICQ Lite] D:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [ChrisTV Agent] "C:\Program Files\ChrisTV\ChrisTV_Agent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Orb] "C:\Program Files\Winamp Remote\bin\OrbTray.exe" /background
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Rapidown.lnk = C:\Program Files\Rapidown\rapidown.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://D:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: Analyzovat LeechGetem - file://C:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: Download all by Rapidown... - C:\Program Files\Rapidown\rapidownGetAll.htm
O8 - Extra context menu item: Download by Rapidown... - C:\Program Files\Rapidown\rapidownGet.htm
O8 - Extra context menu item: Download LeechGetem - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: Download s průvodcem LeechGetu - file://C:\Program Files\LeechGet 2004\\Wizard.html
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra 'Tools' menuitem: Rapidown - {57E91B47-F40A-11D1-B792-444553540011} - C:\Program Files\Rapidown\rapidown.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - D:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O21 - SSODL: aswmklt - {08A7905C-A81F-423E-88F1-A868ECDDE08F} - C:\WINDOWS\aswmklt.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: HauppaugeTVServer - Hauppauge Computer Works - C:\PROGRA~1\WinTV\HCWTVS~1.EXE
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8224 bytes

User picture of Diallix

Fix this:
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O21 - SSODL: aswmklt - {08A7905C-A81F-423E-88F1-A868ECDDE08F} - C:\WINDOWS\aswmklt.dll (file missing)

Test this on VIRUSTOTAL.COM:
C:\Program Files\Rapidown\rapidown.exe

Run a scan with ComboFix:

Quote:
download it and save it to the desktop

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms is displayed; press the 1 key to continue

feel free to make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through), follow the on-screen instructions, and do not try to start any other applications or anything else during the scan

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use Spyware Terminator, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan Combofix tries to delete infected files and Spyware Terminator may prevent that

after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here
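
An added example, not part of the thread and not code from HijackThis: a small Python script that parses HijackThis entry lines, flags them with three simple heuristics, and compares the two scans posted above. The sample lines are excerpts from those two logs; the heuristics and all function names are assumptions of this example, not the helper's own criteria.

```python
import re

# Excerpts from the first and second HijackThis logs posted in this thread.
SCAN_1 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O2 - BHO: SXG Advisor - {7603FD22-36C0-4DE7-A28F-ADFA9CE3ACB8} - C:\WINDOWS\dpvtporxno.dll
O21 - SSODL: aswmklt - {6075D15D-629C-4320-94FB-55AC3494EA4B} - C:\WINDOWS\aswmklt.dll
O21 - SSODL: bqxomdo - {D6D08620-C30D-4EDD-BE18-7406FA52BB38} - C:\WINDOWS\bqxomdo.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""
SCAN_2 = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
O21 - SSODL: aswmklt - {08A7905C-A81F-423E-88F1-A868ECDDE08F} - C:\WINDOWS\aswmklt.dll (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
"""

# "R0 - ...", "O2 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# A DLL sitting directly in C:\WINDOWS, not in a subfolder such as system32.
ROOT_DLL_RE = re.compile(r"C:\\WINDOWS\\[^\\]+\.dll", re.IGNORECASE)


def parse(log):
    """Return one dict per HijackThis entry line; headers and process paths are skipped."""
    entries = []
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        clsid = CLSID_RE.search(m.group("body"))
        entries.append({
            "section": m.group("sec"),
            "body": m.group("body"),
            "clsid": clsid.group(0).upper() if clsid else None,
            "line": line,
        })
    return entries


def flags(entry):
    """Heuristic reasons to look closer at an entry (assumptions of this example)."""
    reasons = []
    body = entry["body"]
    if "(file missing)" in body or "(no file)" in body:
        reasons.append("target file missing")
    if "(no name)" in body:
        reasons.append("unnamed")
    # Browser helper objects (O2) and SSODL entries (O21) are loaded automatically.
    if entry["section"] in ("O2", "O21") and ROOT_DLL_RE.search(body):
        reasons.append("DLL directly in C:\\WINDOWS")
    return reasons


def key(entry):
    """Identity of an entry across scans: section plus body without CLSID and status."""
    body = CLSID_RE.sub("", entry["body"])
    body = re.sub(r"\(file missing\)\s*$", "", body)
    return entry["section"], " ".join(body.split())


def compare(before_log, after_log):
    """Diff two scans: what went away, what is new, what came back under a new CLSID."""
    before = {key(e): e for e in parse(before_log)}
    after = {key(e): e for e in parse(after_log)}
    common = [k for k in after if k in before]
    return {
        "removed": [before[k]["line"] for k in before if k not in after],
        "added": [after[k]["line"] for k in after if k not in before],
        "reregistered": [
            (before[k]["clsid"], after[k]["clsid"], after[k]["line"])
            for k in common if before[k]["clsid"] != after[k]["clsid"]
        ],
        "still_flagged": [
            after[k]["line"] for k in common
            if before[k]["clsid"] == after[k]["clsid"] and flags(after[k])
        ],
    }


if __name__ == "__main__":
    for e in parse(SCAN_1):
        if flags(e):
            print(", ".join(flags(e)), "::", e["line"])
    for name, items in compare(SCAN_1, SCAN_2).items():
        print(name, len(items))
        for item in items:
            print("   ", item)
```

On these excerpts the aswmklt SSODL entry is reported as re-registered (same name and path, different CLSID), and the unnamed BHO as still present in the second scan.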

User picture of jirijirkas

ComboFix 08-01-23.1C - Jiýˇ Fˇla 2008-01-27 13:13:25.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.366 [GMT 1:00]
Running from: D:\Documents and Settings\Jiýˇ Fˇla\Dokumenty\Sta§en‚ soubory\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\dat.txt
C:\WINDOWS\rs.txt
C:\WINDOWS\system32\auto.exe

.
((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 13:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 22:07 . 2008-01-27 13:08 <DIR> d-------- C:\Hijack
2008-01-26 20:18 . 2008-01-26 20:18 <DIR> d-------- C:\Program Files\FLY2000TV
2008-01-26 18:36 . 2006-03-02 13:00 1,376 --a------ C:\WINDOWS\system32\dx25mpg.ax
2008-01-26 18:34 . 2008-01-26 19:29 <DIR> d-------- C:\Program Files\ChrisTV
2008-01-26 17:21 . 2008-01-26 17:21 <DIR> d-------- C:\Program Files\Common Files\IviSDK
2008-01-26 17:19 . 2008-01-27 12:23 <DIR> d-------- C:\Program Files\WinTV
2008-01-26 17:19 . 2001-07-19 08:44 393,216 --a------ C:\WINDOWS\system32\hcwsnbd9.dll
2008-01-26 17:19 . 2007-07-10 16:57 102,456 --a------ C:\WINDOWS\system32\hcwi2c32.dll
2008-01-26 17:19 . 2003-05-06 13:13 81,920 --a------ C:\WINDOWS\system32\hcwNull.ax
2008-01-26 17:19 . 2006-12-01 13:32 73,728 --a------ C:\WINDOWS\system32\hcwSnap.ax
2008-01-26 17:19 . 2006-02-13 15:02 57,344 --a------ C:\WINDOWS\system32\hcwFWrit.ax
2008-01-26 17:19 . 2008-01-26 17:21 6,240 --a------ C:\WINDOWS\HCWPNP.INI
2008-01-26 17:13 . 2008-01-26 17:13 <DIR> d-------- C:\Hauppauge
2008-01-26 17:13 . 2006-09-08 09:40 139,264 --a------ C:\WINDOWS\system32\hcwECPPP.ax
2008-01-26 17:13 . 2006-09-08 09:40 96,256 --a------ C:\WINDOWS\system32\hcwCP.ax
2008-01-26 17:13 . 2007-01-15 04:43 16,382 --a------ C:\WINDOWS\system32\drivers\HcwMakoC.rom
2008-01-26 17:13 . 2007-02-06 10:37 16,382 --a------ C:\WINDOWS\system32\drivers\HcwMakoB.rom
2008-01-26 16:19 . 2003-10-10 11:06 4,134 --a------ C:\WINDOWS\system32\drivers\FlyPCI.sys
2008-01-26 16:15 . 2005-11-02 14:20 376,836 --a------ C:\WINDOWS\system32\drivers\HcwFalcn.rom
2008-01-26 16:15 . 2007-02-06 10:27 185,728 --a------ C:\WINDOWS\system32\drivers\hcwPP2.sys
2008-01-26 16:15 . 2004-11-03 18:09 135,213 -ra------ C:\WINDOWS\system32\hcwECP.ax
2008-01-26 16:15 . 2007-02-06 10:26 99,840 --a------ C:\WINDOWS\system32\hcwCCnv2.ax
2008-01-26 16:15 . 2007-02-06 10:26 95,232 --a------ C:\WINDOWS\system32\hcwPrxA2.ax
2008-01-26 16:15 . 2006-07-21 11:50 66,048 --a------ C:\WINDOWS\system32\hcwXDS.dll
2008-01-26 16:15 . 2004-06-08 00:03 36,921 --a------ C:\WINDOWS\system32\hcwutl32.dll
2008-01-26 16:15 . 2004-10-06 00:30 13,883 -ra------ C:\WINDOWS\system32\drivers\HcwMakoA.rom
2008-01-26 16:15 . 2008-01-26 16:15 17 --a------ C:\WINDOWS\system32\auto.ini
2008-01-24 20:31 . 2008-01-27 10:00 2,654 --a------ C:\WINDOWS\system32\tmp.reg
2008-01-24 20:30 . 2008-01-27 10:01 <DIR> d-------- C:\SmitfraudFix
2008-01-24 20:26 . 2008-01-24 20:18 1,129,580 --a------ C:\SmitfraudFix.exe
2008-01-24 19:10 . 2008-01-24 19:09 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-24 19:10 . 2008-01-24 19:09 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-24 19:10 . 2008-01-24 19:09 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-24 19:10 . 2008-01-24 19:10 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-01-23 19:16 . 2008-01-22 18:55 204,800 --a------ C:\WINDOWS\elfwgps.dll
2008-01-23 19:16 . 2008-01-22 18:55 139,264 --a------ C:\WINDOWS\fvqkfsp.exe
2008-01-22 20:13 . 2008-01-22 20:13 <DIR> d-------- C:\OpenArena
2008-01-08 19:19 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-08 16:40 . 2008-01-08 16:43 <DIR> d-------- C:\WINDOWS\nview
2008-01-08 16:40 . 2006-06-01 19:09 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-08 16:40 . 2006-06-01 17:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-01-08 16:40 . 2008-01-08 16:44 63,804 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-08 16:40 . 2006-06-01 17:22 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-08 16:39 . 2008-01-08 16:39 <DIR> d-------- C:\NVIDIA
2008-01-08 16:19 . 2006-06-01 17:22 4,529,408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-01-08 16:19 . 2004-08-17 15:49 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-01-08 16:19 . 2006-06-01 17:22 3,925,920 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-01-08 16:19 . 2006-06-01 17:22 3,925,920 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-01-07 21:39 . 2008-01-07 21:39 <DIR> d-------- C:\Program Files\Buka
2008-01-03 20:47 . 2008-01-03 20:47 <DIR> d-------- C:\Program Files\Google
2008-01-03 17:54 . 2008-01-03 17:54 122,181 --a------ C:\WINDOWS\system32\Samsung ML-1520
2008-01-03 17:49 . 2003-01-10 21:52 13,997 --a------ C:\WINDOWS\system32\ssgb7mon.dll
2008-01-03 17:48 . 2008-01-03 17:48 <DIR> d-------- C:\WINDOWS\Samsung
2008-01-03 17:48 . 2003-11-17 20:24 208,896 --------- C:\WINDOWS\system32\SSRemove.exe
2008-01-03 17:48 . 2004-05-17 22:04 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-01-03 17:48 . 2003-07-21 20:50 8,478 --------- C:\WINDOWS\system32\SP119.ICO
2008-01-03 17:48 . 2008-01-03 17:48 416 --a------ C:\WINDOWS\BRWMARK.INI
2008-01-03 17:48 . 2008-01-03 17:48 27 --a------ C:\WINDOWS\BRPP2KA.INI
2008-01-02 16:31 . 2008-01-02 16:31 <DIR> d-------- C:\Program Files\Intelore
2008-01-02 16:15 . 2008-01-02 16:22 1,022 --a------ C:\WINDOWS\ARCHPR.INI
2008-01-02 16:14 . 2008-01-02 16:14 <DIR> d-------- C:\Program Files\ElcomSoft
2008-01-01 10:28 . 2008-01-01 12:32 40 --a------ C:\WINDOWS\nero.INI
2007-12-31 17:21 . 2007-12-31 17:21 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-12-31 17:10 . 2007-12-31 17:25 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-30 21:55 . 2007-12-30 21:55 <DIR> d-------- C:\Temp
2007-12-27 10:07 . 2007-12-27 10:07 0 --a------ C:\OrbPVR.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 15:14 --------- d-----w C:\Program Files\Winamp Remote
2008-01-25 20:38 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-01-25 20:38 2,587,648 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-01-25 14:57 36,864 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-01-25 14:57 2,588,672 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-01-24 19:25 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-01-24 19:24 2,590,720 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-01-24 19:07 39,936 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-01-24 19:07 2,581,504 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-01-24 18:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-24 18:02 --------- d-----w C:\Program Files\Symantec
2008-01-24 17:56 --------- d-----w C:\Program Files\Norton SystemWorks
2008-01-24 17:04 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-01-24 17:04 2,563,584 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-01-24 16:41 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-01-24 16:37 2,546,688 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-01-24 16:30 2,547,200 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-01-24 16:30 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-24 16:20 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-01-24 16:20 2,552,320 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-01-24 16:13 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-01-24 16:08 2,563,584 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-01-24 15:59 257,536 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-01-24 15:59 2,552,320 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-01-14 13:50 --------- d-----w C:\Program Files\ICQ6
2008-01-10 19:41 --------- d-----w C:\Program Files\ATI Technologies
2008-01-08 14:46 2,429,440 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-01-08 14:45 147,456 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-01-01 20:34 25,600 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-01-01 20:31 2,190,336 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-01-01 18:15 34,816 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-01-01 18:00 2,179,072 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-01 09:06 49,664 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-01 09:06 2,152,960 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-01 09:02 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-12-31 14:56 2,109,952 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-12-31 14:54 160,256 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-12-24 13:04 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 13:04 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-23 20:37 --------- d-----w C:\Program Files\MSBuild
2007-12-23 20:18 --------- d-----w C:\Program Files\Reference Assemblies
2007-12-23 18:18 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-12-23 18:17 1,926,656 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-12-23 15:24 --------- d-----w C:\Program Files\Sjboy Emulator
2007-12-23 14:54 --------- d-----w C:\Program Files\Winamp
2007-12-21 17:58 1,966,592 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-21 17:57 290,304 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-12-21 16:53 --------- d-----w C:\Program Files\Rapidown
2007-12-20 17:53 --------- d-----w C:\Program Files\id Software
2007-12-17 18:00 --------- d-----w C:\Program Files\Microsoft Games
2007-12-16 20:44 --------- d-----w C:\Program Files\LeechGet 2004
2007-12-16 17:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-13 17:48 123,904 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-12-13 17:43 1,466,880 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-12-12 16:21 --------- d-----w C:\Program Files\MultiRes
2007-12-12 16:20 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v2.6.87 Uninstall.exe
2007-12-11 19:05 --------- d-----w C:\Program Files\GamePark
2007-12-11 18:55 --------- d-----w C:\Program Files\Mv2Player
2007-12-11 17:07 --------- d-----w C:\Program Files\Mafia
2007-12-11 16:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-10 17:47 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-10 15:48 --------- d-----w C:\Program Files\Creative
2007-12-10 13:42 --------- d-----w C:\Program Files\ICQLite
2007-12-10 13:39 --------- d-----w C:\Program Files\FileGhost
2007-12-10 13:32 --------- d-----w C:\Program Files\Nová složka
2007-12-10 06:00 --------- d-----w C:\Program Files\UnH Solutions
2007-12-09 17:48 --------- d-----w C:\Program Files\Winamp Toolbar
2007-12-09 17:35 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-12-09 17:34 --------- d-----w C:\Program Files\InterVideo
2007-12-09 17:33 --------- d-----w C:\Program Files\InterActual
2007-12-09 17:27 --------- d-----w C:\Program Files\Real
2007-12-09 17:27 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-09 17:27 --------- d-----w C:\Program Files\Common Files\Real
2007-12-09 17:26 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-09 17:22 --------- d-----w C:\Program Files\Java Web Start
2007-12-09 17:21 105,168 ----a-w C:\WINDOWS\NSUninst.exe
2007-12-09 17:21 --------- d-----w C:\Program Files\Java
2007-12-09 17:20 105,168 ----a-w C:\WINDOWS\GREUninstall.exe
2007-12-09 17:20 --------- d-----w C:\Program Files\Netscape
2007-12-09 17:20 --------- d-----w C:\Program Files\Common Files\mozilla.org
2007-12-09 17:19 --------- d-----w C:\Program Files\Skype
2007-12-09 17:13 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-09 17:09 --------- d-----w C:\Program Files\Ligos
2007-12-09 16:46 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-09 16:35 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-09 07:19 --------- d-----w C:\Program Files\Intel
2007-12-08 21:50 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-08 21:50 --------- d-----w C:\Program Files\Ahead
2007-12-08 21:37 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-08 21:05 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 15:58 1667584]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 16:50 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-23 01:47 360448]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-11-07 09:23 177400]
"LeechGet"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 11:09 46592 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-09 18:26 185632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"ICQ Lite"="D:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-01-26 04:23 902936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 17:22 86016]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-24 19:09 949376]
"ChrisTV Agent"="C:\Program Files\ChrisTV\ChrisTV_Agent.exe" [2006-03-05 14:17 188416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\Jiýˇ Fˇla\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Rapidown.lnk - C:\Program Files\Rapidown\rapidown.exe [2007-12-21 17:52:45 1044992]

R0 FileGhst;FileGhost File Protector;C:\WINDOWS\system32\Drivers\FileGhst.sys [2005-05-20 12:25]
R3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 15:11]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 FlyPCI;FlyPCI;C:\WINDOWS\system32\drivers\FlyPCI.sys [2003-10-10 11:06]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

*Newly Created Service* - PROCEXP90
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 13:16:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-27 13:17:39
ComboFix-quarantined-files.txt 2008-01-27 12:17:34

User picture: Diallix

Copy this into Avenger:

Quote:
Files to delete:
C:\WINDOWS\system32\auto.ini
C:\WINDOWS\fvqkfsp.exe
C:\WINDOWS\elfwgps.dll
C:\WINDOWS\system32\tmp.reg
C:\WINDOWS\BRWMARK.INI
C:\WINDOWS\BRPP2KA.INI

Test on virustotal.com:
C:\OrbPVR.db
C:\WINDOWS\system32\drivers\HcwMakoA.rom
C:\WINDOWS\system32\drivers\HcwMakoC.rom
C:\WINDOWS\system32\drivers\HcwMakoB.rom
C:\WINDOWS\system32\drivers\HcwFalcn.rom
C:\WINDOWS\system32\hcwCP.ax
C:\WINDOWS\system32\hcwECPPP.ax
C:\WINDOWS\system32\hcwFWrit.ax
C:\WINDOWS\system32\hcwSnap.ax

There are more of them in the log, but try these. Upload them, submit them, and if they are infected, post the results.

Then make a new log from ComboFix and post the Avenger log here.

User picture: jirijirkas

VirusTotal showed nothing; all the files should be fine.

ComboFix 08-01-23.1C - Jiýˇ Fˇla 2008-01-27 14:21:11.2 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1029.18.377 [GMT 1:00]
Running from: D:\Documents and Settings\Jiýˇ Fˇla\Dokumenty\Sta§en‚ soubory\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2007-12-27 to 2008-01-27 )))))))))))))))))))))))))))))))
.

2008-01-27 13:12 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-26 22:07 . 2008-01-27 14:04 <DIR> d-------- C:\Hijack
2008-01-26 20:18 . 2008-01-26 20:18 <DIR> d-------- C:\Program Files\FLY2000TV
2008-01-26 18:36 . 2006-03-02 13:00 1,376 --a------ C:\WINDOWS\system32\dx25mpg.ax
2008-01-26 18:34 . 2008-01-26 19:29 <DIR> d-------- C:\Program Files\ChrisTV
2008-01-26 17:21 . 2008-01-26 17:21 <DIR> d-------- C:\Program Files\Common Files\IviSDK
2008-01-26 17:19 . 2008-01-27 13:54 <DIR> d-------- C:\Program Files\WinTV
2008-01-26 17:19 . 2001-07-19 08:44 393,216 --a------ C:\WINDOWS\system32\hcwsnbd9.dll
2008-01-26 17:19 . 2007-07-10 16:57 102,456 --a------ C:\WINDOWS\system32\hcwi2c32.dll
2008-01-26 17:19 . 2003-05-06 13:13 81,920 --a------ C:\WINDOWS\system32\hcwNull.ax
2008-01-26 17:19 . 2006-12-01 13:32 73,728 --a------ C:\WINDOWS\system32\hcwSnap.ax
2008-01-26 17:19 . 2006-02-13 15:02 57,344 --a------ C:\WINDOWS\system32\hcwFWrit.ax
2008-01-26 17:19 . 2008-01-26 17:21 6,240 --a------ C:\WINDOWS\HCWPNP.INI
2008-01-26 17:13 . 2008-01-26 17:13 <DIR> d-------- C:\Hauppauge
2008-01-26 17:13 . 2006-09-08 09:40 139,264 --a------ C:\WINDOWS\system32\hcwECPPP.ax
2008-01-26 17:13 . 2006-09-08 09:40 96,256 --a------ C:\WINDOWS\system32\hcwCP.ax
2008-01-26 17:13 . 2007-01-15 04:43 16,382 --a------ C:\WINDOWS\system32\drivers\HcwMakoC.rom
2008-01-26 17:13 . 2007-02-06 10:37 16,382 --a------ C:\WINDOWS\system32\drivers\HcwMakoB.rom
2008-01-26 16:19 . 2003-10-10 11:06 4,134 --a------ C:\WINDOWS\system32\drivers\FlyPCI.sys
2008-01-26 16:15 . 2005-11-02 14:20 376,836 --a------ C:\WINDOWS\system32\drivers\HcwFalcn.rom
2008-01-26 16:15 . 2007-02-06 10:27 185,728 --a------ C:\WINDOWS\system32\drivers\hcwPP2.sys
2008-01-26 16:15 . 2004-11-03 18:09 135,213 -ra------ C:\WINDOWS\system32\hcwECP.ax
2008-01-26 16:15 . 2007-02-06 10:26 99,840 --a------ C:\WINDOWS\system32\hcwCCnv2.ax
2008-01-26 16:15 . 2007-02-06 10:26 95,232 --a------ C:\WINDOWS\system32\hcwPrxA2.ax
2008-01-26 16:15 . 2006-07-21 11:50 66,048 --a------ C:\WINDOWS\system32\hcwXDS.dll
2008-01-26 16:15 . 2004-06-08 00:03 36,921 --a------ C:\WINDOWS\system32\hcwutl32.dll
2008-01-26 16:15 . 2004-10-06 00:30 13,883 -ra------ C:\WINDOWS\system32\drivers\HcwMakoA.rom
2008-01-24 20:30 . 2008-01-27 10:01 <DIR> d-------- C:\SmitfraudFix
2008-01-24 20:26 . 2008-01-24 20:18 1,129,580 --a------ C:\SmitfraudFix.exe
2008-01-24 19:10 . 2008-01-24 19:09 512,096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2008-01-24 19:10 . 2008-01-24 19:09 298,104 --a------ C:\WINDOWS\system32\imon.dll
2008-01-24 19:10 . 2008-01-24 19:09 15,424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2008-01-24 19:10 . 2008-01-24 19:10 0 --a------ C:\WINDOWS\system32\mapisvc.inf
2008-01-22 20:13 . 2008-01-22 20:13 <DIR> d-------- C:\OpenArena
2008-01-08 19:19 . 2005-05-26 15:34 2,297,552 --a------ C:\WINDOWS\system32\d3dx9_26.dll
2008-01-08 16:40 . 2008-01-08 16:43 <DIR> d-------- C:\WINDOWS\nview
2008-01-08 16:40 . 2006-06-01 19:09 208,896 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-01-08 16:40 . 2006-06-01 17:22 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
2008-01-08 16:40 . 2008-01-08 16:44 63,804 --a------ C:\WINDOWS\system32\nvapps.xml
2008-01-08 16:40 . 2006-06-01 17:22 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
2008-01-08 16:39 . 2008-01-08 16:39 <DIR> d-------- C:\NVIDIA
2008-01-08 16:19 . 2006-06-01 17:22 4,529,408 --a------ C:\WINDOWS\system32\nv4_disp.dll
2008-01-08 16:19 . 2004-08-17 15:49 4,274,816 --a--c--- C:\WINDOWS\system32\dllcache\nv4_disp.dll
2008-01-08 16:19 . 2006-06-01 17:22 3,925,920 --a------ C:\WINDOWS\system32\drivers\nv4_mini.sys
2008-01-08 16:19 . 2006-06-01 17:22 3,925,920 --a--c--- C:\WINDOWS\system32\dllcache\nv4_mini.sys
2008-01-07 21:39 . 2008-01-07 21:39 <DIR> d-------- C:\Program Files\Buka
2008-01-03 20:47 . 2008-01-03 20:47 <DIR> d-------- C:\Program Files\Google
2008-01-03 17:54 . 2008-01-03 17:54 122,181 --a------ C:\WINDOWS\system32\Samsung ML-1520
2008-01-03 17:49 . 2003-01-10 21:52 13,997 --a------ C:\WINDOWS\system32\ssgb7mon.dll
2008-01-03 17:48 . 2008-01-03 17:48 <DIR> d-------- C:\WINDOWS\Samsung
2008-01-03 17:48 . 2003-11-17 20:24 208,896 --------- C:\WINDOWS\system32\SSRemove.exe
2008-01-03 17:48 . 2004-05-17 22:04 41,984 --------- C:\WINDOWS\system32\drivers\DGIVECP.SYS
2008-01-03 17:48 . 2003-07-21 20:50 8,478 --------- C:\WINDOWS\system32\SP119.ICO
2008-01-02 16:31 . 2008-01-02 16:31 <DIR> d-------- C:\Program Files\Intelore
2008-01-02 16:15 . 2008-01-02 16:22 1,022 --a------ C:\WINDOWS\ARCHPR.INI
2008-01-02 16:14 . 2008-01-02 16:14 <DIR> d-------- C:\Program Files\ElcomSoft
2008-01-01 10:28 . 2008-01-01 12:32 40 --a------ C:\WINDOWS\nero.INI
2007-12-31 17:21 . 2007-12-31 17:21 <DIR> d-------- C:\Program Files\Common Files\DirectX
2007-12-31 17:10 . 2007-12-31 17:25 <DIR> d-------- C:\Program Files\EA GAMES
2007-12-30 21:55 . 2007-12-30 21:55 <DIR> d-------- C:\Temp
2007-12-27 10:07 . 2007-12-27 10:07 0 --a------ C:\OrbPVR.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 16:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-26 15:14 --------- d-----w C:\Program Files\Winamp Remote
2008-01-25 20:38 28,160 ----a-w C:\WINDOWS\Internet Logs\xDB24.tmp
2008-01-25 20:38 2,587,648 ----a-w C:\WINDOWS\Internet Logs\xDB23.tmp
2008-01-25 14:57 36,864 ----a-w C:\WINDOWS\Internet Logs\xDB22.tmp
2008-01-25 14:57 2,588,672 ----a-w C:\WINDOWS\Internet Logs\xDB21.tmp
2008-01-24 19:25 23,552 ----a-w C:\WINDOWS\Internet Logs\xDB20.tmp
2008-01-24 19:24 2,590,720 ----a-w C:\WINDOWS\Internet Logs\xDB1F.tmp
2008-01-24 19:07 39,936 ----a-w C:\WINDOWS\Internet Logs\xDB1E.tmp
2008-01-24 19:07 2,581,504 ----a-w C:\WINDOWS\Internet Logs\xDB1D.tmp
2008-01-24 18:07 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-24 18:02 --------- d-----w C:\Program Files\Symantec
2008-01-24 17:56 --------- d-----w C:\Program Files\Norton SystemWorks
2008-01-24 17:04 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB1C.tmp
2008-01-24 17:04 2,563,584 ----a-w C:\WINDOWS\Internet Logs\xDB1B.tmp
2008-01-24 16:41 17,920 ----a-w C:\WINDOWS\Internet Logs\xDB1A.tmp
2008-01-24 16:37 2,546,688 ----a-w C:\WINDOWS\Internet Logs\xDB19.tmp
2008-01-24 16:30 2,547,200 ----a-w C:\WINDOWS\Internet Logs\xDB17.tmp
2008-01-24 16:30 17,408 ----a-w C:\WINDOWS\Internet Logs\xDB18.tmp
2008-01-24 16:20 22,016 ----a-w C:\WINDOWS\Internet Logs\xDB16.tmp
2008-01-24 16:20 2,552,320 ----a-w C:\WINDOWS\Internet Logs\xDB15.tmp
2008-01-24 16:13 20,992 ----a-w C:\WINDOWS\Internet Logs\xDB14.tmp
2008-01-24 16:08 2,563,584 ----a-w C:\WINDOWS\Internet Logs\xDB13.tmp
2008-01-24 15:59 257,536 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-01-24 15:59 2,552,320 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-01-14 13:50 --------- d-----w C:\Program Files\ICQ6
2008-01-10 19:41 --------- d-----w C:\Program Files\ATI Technologies
2008-01-08 14:46 2,429,440 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-01-08 14:45 147,456 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-01-01 20:34 25,600 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-01-01 20:31 2,190,336 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-01-01 18:15 34,816 ----a-w C:\WINDOWS\Internet Logs\xDBC.tmp
2008-01-01 18:00 2,179,072 ----a-w C:\WINDOWS\Internet Logs\xDBB.tmp
2008-01-01 09:06 49,664 ----a-w C:\WINDOWS\Internet Logs\xDBA.tmp
2008-01-01 09:06 2,152,960 ----a-w C:\WINDOWS\Internet Logs\xDB9.tmp
2008-01-01 09:02 502,272 ----a-w C:\WINDOWS\system32\winlogon.exe
2007-12-31 14:56 2,109,952 ----a-w C:\WINDOWS\Internet Logs\xDB7.tmp
2007-12-31 14:54 160,256 ----a-w C:\WINDOWS\Internet Logs\xDB8.tmp
2007-12-24 13:04 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
2007-12-24 13:04 107,832 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
2007-12-23 20:37 --------- d-----w C:\Program Files\MSBuild
2007-12-23 20:18 --------- d-----w C:\Program Files\Reference Assemblies
2007-12-23 18:18 59,904 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2007-12-23 18:17 1,926,656 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2007-12-23 15:24 --------- d-----w C:\Program Files\Sjboy Emulator
2007-12-23 14:54 --------- d-----w C:\Program Files\Winamp
2007-12-21 17:58 1,966,592 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2007-12-21 17:57 290,304 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2007-12-21 16:53 --------- d-----w C:\Program Files\Rapidown
2007-12-20 17:53 --------- d-----w C:\Program Files\id Software
2007-12-17 18:00 --------- d-----w C:\Program Files\Microsoft Games
2007-12-16 20:44 --------- d-----w C:\Program Files\LeechGet 2004
2007-12-16 17:41 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
2007-12-13 17:48 123,904 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2007-12-13 17:43 1,466,880 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2007-12-12 16:21 --------- d-----w C:\Program Files\MultiRes
2007-12-12 16:20 451,072 ----a-w C:\WINDOWS\Radeon Omega Drivers v2.6.87 Uninstall.exe
2007-12-11 19:05 --------- d-----w C:\Program Files\GamePark
2007-12-11 18:55 --------- d-----w C:\Program Files\Mv2Player
2007-12-11 17:07 --------- d-----w C:\Program Files\Mafia
2007-12-11 16:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-12-10 17:47 11,376 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-12-10 15:48 --------- d-----w C:\Program Files\Creative
2007-12-10 13:42 --------- d-----w C:\Program Files\ICQLite
2007-12-10 13:39 --------- d-----w C:\Program Files\FileGhost
2007-12-10 13:32 --------- d-----w C:\Program Files\Nová složka
2007-12-10 06:00 --------- d-----w C:\Program Files\UnH Solutions
2007-12-09 17:48 --------- d-----w C:\Program Files\Winamp Toolbar
2007-12-09 17:35 --------- d-----w C:\Program Files\Common Files\InterVideo
2007-12-09 17:34 --------- d-----w C:\Program Files\InterVideo
2007-12-09 17:33 --------- d-----w C:\Program Files\InterActual
2007-12-09 17:27 --------- d-----w C:\Program Files\Real
2007-12-09 17:27 --------- d-----w C:\Program Files\Common Files\xing shared
2007-12-09 17:27 --------- d-----w C:\Program Files\Common Files\Real
2007-12-09 17:26 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-09 17:22 --------- d-----w C:\Program Files\Java Web Start
2007-12-09 17:21 105,168 ----a-w C:\WINDOWS\NSUninst.exe
2007-12-09 17:21 --------- d-----w C:\Program Files\Java
2007-12-09 17:20 105,168 ----a-w C:\WINDOWS\GREUninstall.exe
2007-12-09 17:20 --------- d-----w C:\Program Files\Netscape
2007-12-09 17:20 --------- d-----w C:\Program Files\Common Files\mozilla.org
2007-12-09 17:19 --------- d-----w C:\Program Files\Skype
2007-12-09 17:13 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-12-09 17:09 --------- d-----w C:\Program Files\Ligos
2007-12-09 16:46 --------- d-----w C:\Program Files\Common Files\Adobe
2007-12-09 16:35 --------- d-----w C:\Program Files\Alcohol Soft
2007-12-09 07:19 --------- d-----w C:\Program Files\Intel
2007-12-08 21:50 --------- d-----w C:\Program Files\Common Files\Ahead
2007-12-08 21:50 --------- d-----w C:\Program Files\Ahead
2007-12-08 21:37 --------- d--h--w C:\Program Files\Uninstall Information
2007-12-08 21:05 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{140BD8E3-C167-11D4-B4A3-080000180323}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
2007-10-04 21:06 1135968 --a------ C:\Program Files\Winamp Toolbar\winamptb.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}"= C:\Program Files\Winamp Toolbar\winamptb.dll [2007-10-04 21:06 1135968]

[HKEY_CLASSES_ROOT\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WINAMPTB.AOLToolBand]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 13:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-08-17 15:58 1667584]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 16:50 1289000]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]
"Orb"="C:\Program Files\Winamp Remote\bin\OrbTray.exe" [2007-10-23 01:47 360448]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-11-07 09:23 177400]
"LeechGet"="" []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648]
"SoundMan"="SOUNDMAN.EXE" [2003-01-07 11:09 46592 C:\WINDOWS\SOUNDMAN.EXE]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-12-09 18:26 185632]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2007-12-20 16:16 37376]
"ICQ Lite"="D:\Program Files\ICQLite\ICQLite.exe" [2006-07-11 11:06 3144800]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-01-26 04:23 902936]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-06-01 17:22 7618560]
"nwiz"="nwiz.exe" [2006-06-01 17:22 1519616 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-06-01 17:22 86016]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 16:41 45056]
"nod32kui"="C:\Program Files\Eset\nod32kui.exe" [2008-01-24 19:09 949376]
"ChrisTV Agent"="C:\Program Files\ChrisTV\ChrisTV_Agent.exe" [2006-03-05 14:17 188416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2006-03-02 13:00 15360]
"ALUAlert"="C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe" [ ]

C:\Documents and Settings\Jiýˇ Fˇla\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Rapidown.lnk - C:\Program Files\Rapidown\rapidown.exe [2007-12-21 17:52:45 1044992]

R0 FileGhst;FileGhost File Protector;C:\WINDOWS\system32\Drivers\FileGhst.sys [2005-05-20 12:25]
R3 HauppaugeTVServer;HauppaugeTVServer;C:\PROGRA~1\WinTV\HCWTVS~1.EXE [2007-02-20 15:11]
R3 PSched;Plánovač paketů technologie QoS;C:\WINDOWS\system32\DRIVERS\psched.sys [2006-03-02 13:00]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB;C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 23:08]
S3 FlyPCI;FlyPCI;C:\WINDOWS\system32\drivers\FlyPCI.sys [2003-10-10 11:06]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-27 14:24:36
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\lsass.exe [5.01.2600.2180]
-> C:\Program Files\Eset\pr_imon.dll
.
Completion time: 2008-01-27 14:26:01
ComboFix-quarantined-files.txt 2008-01-27 13:25:55
ComboFix2.txt 2008-01-27 12:17:40

User picture: jirijirkas

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\jmghebou

*******************

Script file located at: \??\C:\WINDOWS\system32\velvnjsd.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\auto.ini deleted successfully.
File C:\WINDOWS\fvqkfsp.exe deleted successfully.
File C:\WINDOWS\elfwgps.dll deleted successfully.
File C:\WINDOWS\system32\tmp.reg deleted successfully.
File C:\WINDOWS\BRWMARK.INI deleted successfully.
File C:\WINDOWS\BRPP2KA.INI deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

User picture: Diallix

Scan it with this as well:
http://www.viry.cz/node/9061

Configure it correctly and let the scan run. Don't forget to update!
After the scan, paste the contents of the lower window here.

What is this?
C:\Hijack
C:\Hauppauge

User picture: jirijirkas

Hijack is the folder containing HiJackThis.exe, and Hauppauge is the player and drivers for the TV card.

User picture: Diallix

Run that scan.

User picture: Anonymous user

It's being worked on, but it's going terribly slowly.

User picture: jirijirkas

Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "system soap pro Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "elite toolbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "softomate toolbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "softomate toolbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "softomate toolbar Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "backdoor (ircbot) trojans Spyware/Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\DSP.DSP" odkazuje na neplatný objekt "{9C123EA9-AEC9-4f75-BBC0-7565FA1398966}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\ICQPhone.SipxPhoneManager" odkazuje na neplatný objekt "{82308D15-1A2C-416A-A5BE-21DAF85DDB75}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\MailFileAtt" odkazuje na neplatný objekt "{00020D05-0000-0000-C000-000000000046}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\mapifvbx.object" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Nic nebylo provedeno.
Záznam "HKCR\mapifvbx.object.1" odkazuje na neplatný objekt "{41116C00-8B90-101B-96CD-00AA003B14FC}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\InterVideo\Common\Bin\IVIPromotion.exe". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxwma.dll". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxinsi64.exe". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\pxcpyi64.exe". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Windows.Forms.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscorlib.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\mscoree.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.Drawing.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.EnterpriseServices.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.JScript.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.Drawing.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscoree.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\mscorlib.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\System.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\Microsoft.NET\Framework\v1.0.3705\Microsoft.Vsa.Vb.CodeDOMProcessor.tlb". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\Norton SystemWorks\Norton Ghost\". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".lst". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pak". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".php". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pk". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pk3". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".pk4". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".prc". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".sfv". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".srt". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".xpi". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "LiveReg". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "LiveUpdate". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "Mozilla Firefox (1.5)". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "SymSetup.{B9807C3D-B3DD-41b7-8321-53DDB3A3A888}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{3EA9D975-BFDC-4E8E-B88B-0446FBC8CA66}". Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{C19731B5-F177-4E90-A5DD-8E05BD8C8898}". Provedené akce: Nic nebylo provedeno.
Soubor C:\Filmy\Futurama\prehravace atd\GDiVX 1.9.1.exe//data0009/SaveNow.exe indentifikován jako "not-a-virus:AdWare.Win32.SaveNow.au". Provedené akce: Nic nebylo provedeno.
Soubor C:\Hijack\backups\backup-20080127-121624-400.dll indentifikován jako "not-a-virus:AdWare.Win32.Agent.uj". Provedené akce: Nic nebylo provedeno.
Soubor C:\Program Files\Mozilla Firefox\crack.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\35AD495B//CryptFF//stream//data0001/01.exe//PE_Patch.Poly//PE_Patch.Poly je infikovaný virem Packed.Win32.PolyCrypt.b !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\35B07357.exe//CryptFF//stream//data0001/01.exe//PE_Patch.Poly//PE_Patch.Poly je infikovaný virem Packed.Win32.PolyCrypt.b !! Provedené akce: Nic nebylo provedeno.
Soubor C:\RECYCLER\NPROTECT\00000241.DLL indentifikován jako "not-a-virus:AdWare.Win32.Agent.uj". Provedené akce: Nic nebylo provedeno.
Soubor C:\SmitfraudFix\Reboot.exe indentifikován jako "not-a-virus:RiskTool.Win32.Reboot.f". Provedené akce: Nic nebylo provedeno.
Soubor C:\SmitfraudFix.exe//data.rar/SmitfraudFix\Reboot.exe indentifikován jako "not-a-virus:RiskTool.Win32.Reboot.f". Provedené akce: Nic nebylo provedeno.
Soubor D:\Documents and Settings\Jiří Fíla\Dokumenty\Stažené soubory\cool-ticket2006.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor D:\Documents and Settings\Jiří Fíla\Dokumenty\Stažené soubory\QuickTimeInstaller.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor D:\Documents and Settings\Jiří Fíla\Dokumenty\Stažené soubory\SmitfraudFix.exe//data.rar/SmitfraudFix\Reboot.exe indentifikován jako "not-a-virus:RiskTool.Win32.Reboot.f". Provedené akce: Nic nebylo provedeno.
Soubor D:\Mozila\Mozilla\Profiles\default\uxs2voyb.slt\Cache\21877FA9d01/HJ-Split.exe je infikovaný virem Trojan-Spy.Win32.Ardamax.t !! Provedené akce: Nic nebylo provedeno.
Soubor D:\Mozila\Mozilla\Profiles\default\uxs2voyb.slt\Cache\C187136Cd01/HJ-Split.exe je infikovaný virem Trojan-Spy.Win32.Ardamax.t !! Provedené akce: Nic nebylo provedeno.
Soubor D:\System Volume Information\_restore{1E952992-1B17-48B8-A6B2-C8D0A9FCD4C7}\RP182\A0065083.exe je infikovaný virem Trojan-Downloader.Win32.Zlob.gkd !! Provedené akce: Nic nebylo provedeno.
Soubor D:\System Volume Information\_restore{1E952992-1B17-48B8-A6B2-C8D0A9FCD4C7}\RP182\A0065107.exe je infikovaný virem Trojan-Spy.Win32.Ardamax.t !! Provedené akce: Nic nebylo provedeno.
Soubor D:\System Volume Information\_restore{1E952992-1B17-48B8-A6B2-C8D0A9FCD4C7}\RP182\A0065108.exe je infikovaný virem Trojan-Spy.Win32.Ardamax.t !! Provedené akce: Nic nebylo provedeno.

User picture of Diallix

Put this into Avenger:

Quote:
Files to delete:
D:\Documents and Settings\Jiří Fíla\Dokumenty\Stažené soubory\cool-ticket2006.exe
D:\Documents and Settings\Jiří Fíla\Dokumenty\Stažené soubory
D:\Documents and Settings\Jiří Fíla\Dokumenty\Stažené soubory\QuickTimeInstaller.exe
C:\RECYCLER\NPROTECT\00000241.DLL
C:\Program Files\Mozilla Firefox\crack.exe
C:\Filmy\Futurama\prehravace atd\GDiVX 1.9.1.exe

Folders to delete:
C:\RECYCLER

Delete manually:
C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine
c:\hijackthis

Scrub the computer several times with CCleaner: http://www.viry.cz/node/12221

Turn off System Restore.

When you have done that, report how the computer behaves.
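
Added example, not part of the thread and not any scanner's own code: a small parser for the detection lines of the scan log above that groups hits by where the file sits on disk (System Restore copy, antivirus quarantine, cleanup-tool files, browser cache, ordinary user file), which is the distinction the cleanup steps in the reply act on. The bucket names and path patterns are assumptions of this example.

```python
import re

# Two detection shapes in the scan log (program output, left in Czech):
#   Soubor <path> je infikovaný virem <name> !! Provedené akce: ...
#   Soubor <path> indentifikován jako "<name>". Provedené akce: ...
DETECTION = re.compile(
    r'^Soubor (?P<path>.+?) '
    r'(?:je infikovaný virem (?P<virus>\S+) !!|indentifikován jako "(?P<risk>[^"]+)"\.)'
    r' Provedené akce: (?P<action>.+)$')

# Location buckets are this example's assumption, not a scanner feature.
BUCKETS = [
    ("system-restore", r'\\System Volume Information\\_restore'),
    ("av-quarantine", r'\\Quarantine\\'),
    ("tool-files", r'^C:\\Hijack\\backups\\|^C:\\SmitfraudFix'),
    ("browser-cache", r'\\Cache\\'),
]

def parse_line(line):
    """Return a dict for a detection line, None for registry notes and other text."""
    m = DETECTION.match(line.strip())
    if not m:
        return None
    path = m.group("path")
    container = path.split("//", 1)[0]  # the scanner marks archive nesting with //
    name = m.group("virus") or m.group("risk")
    bucket = next((b for b, pat in BUCKETS if re.search(pat, container, re.I)), "user-file")
    return {"file": container, "nested": "//" in path, "name": name,
            "not_a_virus": name.startswith("not-a-virus:"), "bucket": bucket}

def triage(log_text):
    """Group detections by where the file lives on disk."""
    groups = {}
    for hit in filter(None, map(parse_line, log_text.splitlines())):
        groups.setdefault(hit["bucket"], []).append(hit)
    return groups

# Lines copied from the scan log above.
SAMPLE = r'''Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".xpi". Provedené akce: Nic nebylo provedeno.
Soubor C:\Filmy\Futurama\prehravace atd\GDiVX 1.9.1.exe//data0009/SaveNow.exe indentifikován jako "not-a-virus:AdWare.Win32.SaveNow.au". Provedené akce: Nic nebylo provedeno.
Soubor C:\Program Files\Norton SystemWorks\Norton Antivirus\Quarantine\35B07357.exe//CryptFF//stream//data0001/01.exe//PE_Patch.Poly//PE_Patch.Poly je infikovaný virem Packed.Win32.PolyCrypt.b !! Provedené akce: Nic nebylo provedeno.
Soubor C:\SmitfraudFix\Reboot.exe indentifikován jako "not-a-virus:RiskTool.Win32.Reboot.f". Provedené akce: Nic nebylo provedeno.
Soubor D:\Mozila\Mozilla\Profiles\default\uxs2voyb.slt\Cache\21877FA9d01/HJ-Split.exe je infikovaný virem Trojan-Spy.Win32.Ardamax.t !! Provedené akce: Nic nebylo provedeno.
Soubor D:\System Volume Information\_restore{1E952992-1B17-48B8-A6B2-C8D0A9FCD4C7}\RP182\A0065083.exe je infikovaný virem Trojan-Downloader.Win32.Zlob.gkd !! Provedené akce: Nic nebylo provedeno.'''

if __name__ == "__main__":
    for bucket, hits in triage(SAMPLE).items():
        for h in hits:
            print(f"{bucket:15} {h['name']:40} {h['file']}")
```

Hits in the `system-restore` bucket sit inside restore points, and those in `av-quarantine` are copies already isolated by another product, so neither is a sign of a live infection on its own.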

User picture of jirijirkas

Everything looks fine, but it did before too. Let's hope it doesn't come back.

User picture of Diallix

Whether it comes back or not is up to you. Have a nice day.

User picture of Anonymous user
[16298] virus

I have this virus, is there any antivirus for it? Win32/Protector.N virus. Please reply to **@**.**

EDIT by TOBiAS: we don't give advice by e-mail, and start your own topic.