MWAV log check
Moderators: Mods_senior, Security team
Greetings everyone,
could you please advise me?
MWAV found 29 critical objects
23 errors
but it did not delete or cure anything. What should I do about it?
Thank you for your help.
I don't know why, but I can't post the log there; whenever I copy it, it then says that Mozilla is not responding.
So here is at least the one from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:34:28, on 27.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\JAG Media Player\tray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Ja\LOCALS~1\Temp\mexe.com
C:\Documents and Settings\Ja\Desktop\sd4hide.exe
C:\Program Files\EA GAMES\Need for Speed Most Wanted\speed.exe
C:\DOCUME~1\Ja\LOCALS~1\Temp\~e5.0001
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\HiJackThis\HiJackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Spouštět JAG Media Player.lnk = C:\Program Files\JAG Media Player\tray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6847 bytes
- Argoneus
- Level 3.5
- Posts: 939
- Registered: 28 Dec 2007 21:53
- Location: Praha
Download ComboFix (by sUBs) and save it to your desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by clicking Yes
- Then follow the instructions; while ComboFix is running, do not click in the window that appears
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
Also post the MWAV log here, following the guide here.
Last edited by Argoneus on 27 Feb 2008 20:45, edited 1 time in total.
This is from MWAV, thanks for pointing that out.
Soubor C:\Documents and Settings\Ja\Desktop\SmitfraudFix\Reboot.exe indentifikován jako "not-a-virus:RiskTool.Win32.Reboot.f". Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Ja\Desktop\SmitfraudFix_v2.293.exe//data.rar/SmitfraudFix\Reboot.exe indentifikován jako "not-a-virus:RiskTool.Win32.Reboot.f". Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "smitfraud Browser Hijacker" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "trojan-downloader.bat.ftp.ab Trojan-Downloader" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "savenow Adware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "remacc.multiwebsurv Generic Malware" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Objekt "Possible Fujacks-type Worm" nalezen v souborovém systému! Provedené akce: Nic nebylo provedeno.
Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\Program Files\Common Files\Roxio Shared\DLLShared". Provedené akce: Nic nebylo provedeno.
Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".part". Provedené akce: Nic nebylo provedeno.
Soubor C:\WINDOWS\system32\wbchha.dll je infikovaný virem Trojan-Downloader.Win32.Agent.jke !! Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Ja\Desktop\SmitfraudFix\Reboot.exe indentifikován jako "not-a-virus:RiskTool.Win32.Reboot.f". Provedené akce: Nic nebylo provedeno.
Soubor C:\Documents and Settings\Ja\Desktop\SmitfraudFix_v2.293.exe//data.rar/SmitfraudFix\Reboot.exe indentifikován jako "not-a-virus:RiskTool.Win32.Reboot.f". Provedené akce: Nic nebylo provedeno.
Soubor C:\WINDOWS\system32\wbchha.dll je infikovaný virem Trojan-Downloader.Win32.Agent.jke !! Provedené akce: Nic nebylo provedeno.
Soubor D:\Nokia 6288\Temy\Temy SE\hotbar.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor H:\Elefant\(E)lephant by SK\Plugins\(E)lephant - MU.Downloader.exe je infikovaný virem Worm.Win32.AutoRun.cfp !! Provedené akce: Nic nebylo provedeno.
Soubor H:\Peky\Dekoders for music\cd to waw and mp3 ripper\setupcdripper.exe//WISE0016.BIN//data0002 indentifikován jako "not-a-virus:AdWare.Win32.EZula.p". Provedené akce: Nic nebylo provedeno.
Soubor H:\Peky\Ovladače pre Play\kodeky\DivX\1015489982-DivX5ProGainCodec.exe//Gain_Trickler.exe indentifikován jako "not-a-virus:AdWare.Win32.Gator.3102". Provedené akce: Nic nebylo provedeno.
Soubor H:\Peky\Ovladače pre Play\_codec\DivX 5\DivX5ProGainCodec.exe//Gain_Trickler.exe indentifikován jako "not-a-virus:AdWare.Win32.Gator.3102". Provedené akce: Nic nebylo provedeno.
Soubor H:\Peky\Prehrávače\RadLight Player v3.03 R5.2\RadLight Subtitle Studio 2.0\ss2r1.exe//data0011/SaveNow.exe indentifikován jako "not-a-virus:AdWare.Win32.SaveNow.au". Provedené akce: Nic nebylo provedeno.
Soubor H:\RECYCLER\S-1-5-21-1715567821-838170752-1801674531-1003\Dh1.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor H:\RECYCLER\S-1-5-21-1715567821-838170752-1801674531-1003\Dh3.exe je infikovaný virem NULL.Corrupted !! Provedené akce: Nic nebylo provedeno.
Soubor H:\Šetriče\1028368.exe//WISE0034.BIN/whiedc.dll indentifikován jako "not-a-virus:AdWare.Win32.WebHancer.16". Provedené akce: Nic nebylo provedeno.
- Argoneus
Aha, aha!
So before you run ComboFix, do this as well:
Download T-Cleaner
- Run the .bat file
- The program deletes leftovers from cleaning programs such as SmitFraudFix
Then post the ComboFix log here, plus a log from HJT.
I cleaned the whole computer with CCleaner just today, and after the analysis there was nothing left there.
Here is the log from ComboFix:
ComboFix 08-02-25.3 - Ja 2008-02-27 20:50:12.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.649 [GMT 1:00]
Running from: C:\Documents and Settings\Ja\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\wbchha.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-27 19:15 . 2008-02-27 19:15 0 --a------ C:\23990098.$$$
2008-02-27 18:29 . 2008-02-27 19:06 <DIR> d-------- C:\Program Files\Super Internet TV
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-02-27 16:25 . 2008-02-27 16:32 50 --a------ C:\WINDOWS\Lic.xxx
2008-02-27 16:24 . 2004-08-04 01:07 146,432 --a------ C:\WINDOWS\R.COM
2008-02-27 16:24 . 2004-08-04 01:07 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-02-27 15:32 . 2008-02-27 15:32 <DIR> d-------- C:\Program Files\CCleaner
2008-02-26 23:54 . 2008-02-26 23:54 <DIR> d-------- C:\Documents and Settings\Ja\Application Data\TuneUp Software
2008-02-26 23:54 . 2008-02-26 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-26 23:54 . 2008-02-26 23:54 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-26 23:54 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-26 23:53 . 2008-02-26 23:57 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-25 18:47 . 2008-02-27 20:23 650 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-24 21:20 . 2008-02-24 21:20 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-24 20:15 . 2008-02-24 20:15 3,200 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-24 20:14 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-24 20:14 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-24 20:14 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-24 20:14 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-24 20:14 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-24 20:14 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-20 22:47 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-20 22:46 . 2008-02-24 18:13 <DIR> d-------- C:\Program Files\Panda Security
2008-02-20 22:22 . 2008-02-20 22:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-20 20:57 . 2008-02-20 21:04 34 --a------ C:\WINDOWS\wcx_ftp.ini
2008-02-19 15:00 . 2008-02-19 15:00 <DIR> d-------- C:\Program Files\Hamachi
2008-02-19 15:00 . 2008-02-21 16:37 <DIR> d-------- C:\Documents and Settings\Ja\Application Data\Hamachi
2008-02-19 15:00 . 2008-02-19 15:00 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-18 17:15 . 2008-02-21 15:57 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-18 17:15 . 2008-02-18 17:16 <DIR> d-------- C:\Program Files\ICQ6
2008-02-18 16:37 . 2008-02-18 16:39 <DIR> d-------- C:\Documents and Settings\Ja\Application Data\ACD Systems
2008-02-18 16:36 . 2008-02-18 16:36 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-02-18 16:36 . 2008-02-18 16:36 <DIR> d-------- C:\Program Files\ACD Systems
2008-02-18 16:36 . 2008-02-18 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-02-17 17:25 . 2008-02-17 17:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-14 17:50 . 2008-02-14 17:50 773 --a------ C:\WINDOWS\VPlayer.INI
2008-02-14 17:50 . 2008-02-14 17:50 21 --a------ C:\WINDOWS\VplayerINI.vpl
2008-02-14 17:06 . 2008-02-14 17:06 <DIR> d-------- C:\Documents and Settings\Ja\Application Data\vlc
2008-02-14 17:01 . 2008-02-14 17:01 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-10 23:07 . 2008-02-10 23:07 <DIR> d-------- C:\Documents and Settings\Ja\dwhelper
2008-01-30 21:51 . 2008-02-03 20:25 <DIR> d-------- C:\Program Files\Opera
2008-01-30 21:08 . 2008-02-24 18:06 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-01-30 17:45 . 2008-01-30 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-30 17:33 . 2008-01-30 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-01-30 17:31 . 2008-02-24 18:13 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-01-28 20:12 . 2008-01-28 20:12 <DIR> d-------- C:\Program Files\JAG Media Player
2008-01-28 20:12 . 2008-01-28 20:14 6,541 --a------ C:\tv.dat
2008-01-28 20:12 . 2008-01-28 20:14 5,040 --a------ C:\radia.dat
2008-01-28 20:12 . 2008-01-28 20:14 589 --a------ C:\svideo.dat
2008-01-28 20:12 . 2008-01-28 20:14 208 --a------ C:\smp3.dat
2008-01-28 20:12 . 2008-01-28 20:17 24 --a------ C:\skin.dat
.
Here is the log from ComboFix
ComboFix 08-02-25.3 - Ja 2008-02-27 20:50:12.1 - NTFSx86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.1.1033.18.649 [GMT 1:00]
Running from: C:\Documents and Settings\Ja\Desktop\ComboFix.exe
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\regedit.com
C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\system32\wbchha.dll
.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.
2008-02-27 19:15 . 2008-02-27 19:15 0 --a------ C:\23990098.$$$
2008-02-27 18:29 . 2008-02-27 19:06 <DIR> d-------- C:\Program Files\Super Internet TV
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\zts2.exe
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\system32\vcmgcd32.dll
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\system32\iifgfgf.dll
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\rundll16.exe
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\rundl132.dll
2008-02-27 16:35 . 2008-02-27 16:35 <DIR> d-a------ C:\WINDOWS\logo1_.exe
2008-02-27 16:25 . 2008-02-27 16:32 50 --a------ C:\WINDOWS\Lic.xxx
2008-02-27 16:24 . 2004-08-04 01:07 146,432 --a------ C:\WINDOWS\R.COM
2008-02-27 16:24 . 2004-08-04 01:07 135,680 --a------ C:\WINDOWS\system32\T.COM
2008-02-27 15:32 . 2008-02-27 15:32 <DIR> d-------- C:\Program Files\CCleaner
2008-02-26 23:54 . 2008-02-26 23:54 <DIR> d-------- C:\Documents and Settings\Ja\Application Data\TuneUp Software
2008-02-26 23:54 . 2008-02-26 23:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TuneUp Software
2008-02-26 23:54 . 2008-02-26 23:54 306,432 --a------ C:\WINDOWS\system32\TuneUpDefragService.exe
2008-02-26 23:54 . 2007-12-20 10:41 29,440 --a------ C:\WINDOWS\system32\uxtuneup.dll
2008-02-26 23:53 . 2008-02-26 23:57 <DIR> d-------- C:\Program Files\TuneUp Utilities 2008
2008-02-25 18:47 . 2008-02-27 20:23 650 --a------ C:\WINDOWS\system32\drivers\fwdrv.err
2008-02-24 21:20 . 2008-02-24 21:20 <DIR> d-------- C:\Program Files\Sunbelt Software
2008-02-24 20:15 . 2008-02-24 20:15 3,200 --a------ C:\WINDOWS\system32\tmp.reg
2008-02-24 20:14 . 2007-09-05 23:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-02-24 20:14 . 2006-04-27 16:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-02-24 20:14 . 2008-02-16 19:46 85,504 --a------ C:\WINDOWS\system32\VACFix.exe
2008-02-24 20:14 . 2008-02-08 10:37 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-02-24 20:14 . 2004-07-31 17:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-02-24 20:14 . 2007-10-03 23:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-02-20 22:47 . 2001-07-30 17:40 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
2008-02-20 22:46 . 2008-02-24 18:13 <DIR> d-------- C:\Program Files\Panda Security
2008-02-20 22:22 . 2008-02-20 22:38 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-20 20:57 . 2008-02-20 21:04 34 --a------ C:\WINDOWS\wcx_ftp.ini
2008-02-19 15:00 . 2008-02-19 15:00 <DIR> d-------- C:\Program Files\Hamachi
2008-02-19 15:00 . 2008-02-21 16:37 <DIR> d-------- C:\Documents and Settings\Ja\Application Data\Hamachi
2008-02-19 15:00 . 2008-02-19 15:00 17,480 --a------ C:\WINDOWS\system32\drivers\hamachi.sys
2008-02-18 17:15 . 2008-02-21 15:57 <DIR> d-------- C:\Program Files\ICQToolbar
2008-02-18 17:15 . 2008-02-18 17:16 <DIR> d-------- C:\Program Files\ICQ6
2008-02-18 16:37 . 2008-02-18 16:39 <DIR> d-------- C:\Documents and Settings\Ja\Application Data\ACD Systems
2008-02-18 16:36 . 2008-02-18 16:36 <DIR> d-------- C:\Program Files\Common Files\ACD Systems
2008-02-18 16:36 . 2008-02-18 16:36 <DIR> d-------- C:\Program Files\ACD Systems
2008-02-18 16:36 . 2008-02-18 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\ACD Systems
2008-02-17 17:25 . 2008-02-17 17:26 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-14 17:50 . 2008-02-14 17:50 773 --a------ C:\WINDOWS\VPlayer.INI
2008-02-14 17:50 . 2008-02-14 17:50 21 --a------ C:\WINDOWS\VplayerINI.vpl
2008-02-14 17:06 . 2008-02-14 17:06 <DIR> d-------- C:\Documents and Settings\Ja\Application Data\vlc
2008-02-14 17:01 . 2008-02-14 17:01 <DIR> d-------- C:\Program Files\VideoLAN
2008-02-10 23:07 . 2008-02-10 23:07 <DIR> d-------- C:\Documents and Settings\Ja\dwhelper
2008-01-30 21:51 . 2008-02-03 20:25 <DIR> d-------- C:\Program Files\Opera
2008-01-30 21:08 . 2008-02-24 18:06 8,627 --a------ C:\WINDOWS\system32\PAV_FOG.OPC
2008-01-30 17:45 . 2008-01-30 17:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2008-01-30 17:33 . 2008-01-30 17:33 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Backup
2008-01-30 17:31 . 2008-02-24 18:13 <DIR> d-------- C:\Program Files\Common Files\Panda Software
2008-01-28 20:12 . 2008-01-28 20:12 <DIR> d-------- C:\Program Files\JAG Media Player
2008-01-28 20:12 . 2008-01-28 20:14 6,541 --a------ C:\tv.dat
2008-01-28 20:12 . 2008-01-28 20:14 5,040 --a------ C:\radia.dat
2008-01-28 20:12 . 2008-01-28 20:14 589 --a------ C:\svideo.dat
2008-01-28 20:12 . 2008-01-28 20:14 208 --a------ C:\smp3.dat
2008-01-28 20:12 . 2008-01-28 20:17 24 --a------ C:\skin.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-26 22:53 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-26 18:11 --------- d-----w C:\Documents and Settings\Ja\Application Data\Skype
2008-02-20 21:49 --------- d-----w C:\Documents and Settings\Ja\Application Data\uTorrent
2008-02-20 21:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-30 16:56 --------- d-----w C:\Program Files\DAEMON Tools
2008-01-24 15:40 --------- d-----w C:\Program Files\ESET
2008-01-24 15:18 --------- d-----w C:\Program Files\ESTsoft
2008-01-24 15:18 --------- d-----w C:\Documents and Settings\Ja\Application Data\ESTsoft
2008-01-21 20:33 --------- d-----w C:\Program Files\Install Creator
2008-01-20 13:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
2008-01-20 12:57 --------- d-----w C:\Program Files\Webteh
2008-01-20 12:57 --------- d-----w C:\Documents and Settings\Ja\Application Data\BSplayer Pro
2008-01-19 21:40 --------- d-----w C:\Documents and Settings\Ja\Application Data\Media Player Classic
2008-01-19 21:38 --------- d-----w C:\Program Files\K-Lite Codec Pack
2008-01-17 15:38 --------- d-----w C:\Program Files\e-Mobile Software
2008-01-14 20:38 --------- d-----w C:\Program Files\uTorrent
2008-01-14 16:34 --------- d-----w C:\Program Files\7-Zip
2008-01-13 19:50 --------- d-----w C:\Documents and Settings\Ja\Application Data\Apple Computer
2008-01-13 19:46 --------- d-----w C:\Documents and Settings\Ja\Application Data\ESET
2008-01-13 18:40 --------- d-----w C:\Program Files\TV JOJ Media Player
2008-01-13 18:25 --------- d-----w C:\Program Files\QuickTime
2008-01-13 18:24 --------- d-----w C:\Program Files\Apple Software Update
2008-01-13 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-01-13 18:24 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple
2008-01-13 18:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\QuickTime
2008-01-13 14:38 --------- d-----w C:\Program Files\Google
2008-01-10 20:35 --------- d-----w C:\Documents and Settings\Ja\Application Data\AVG7
2008-01-10 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-01-10 20:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2008-01-08 22:48 --------- d-----w C:\Program Files\DivX
2008-01-08 22:47 724,992 ----a-w C:\WINDOWS\iun6002.exe
2008-01-08 22:20 --------- d-----w C:\Program Files\Skype
2008-01-08 22:20 --------- d-----w C:\Program Files\Common Files\Skype
2008-01-08 22:20 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-01-08 18:50 --------- d-----w C:\Documents and Settings\Ja\Application Data\ICQ
2008-01-08 18:46 --------- d-----w C:\Program Files\SopCast
2008-01-08 18:46 --------- d-----w C:\Documents and Settings\Ja\Application Data\ICQ Toolbar
2008-01-08 18:30 --------- d-----w C:\Documents and Settings\Ja\Application Data\InstallShield
2008-01-08 18:26 --------- d-----w C:\Documents and Settings\Ja\Application Data\CyberLink
2008-01-08 18:14 --------- d-----w C:\Program Files\CyberLink
2008-01-08 18:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-01-08 16:27 --------- d-----w C:\Program Files\CureROM
2008-01-07 15:20 --------- d-----w C:\Program Files\EA SPORTS
2008-01-07 14:50 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-07 14:49 --------- d-----w C:\Program Files\Empire Interactive
2008-01-03 12:10 223,128 ----a-w C:\WINDOWS\system32\drivers\dtscsi.sys
2008-01-03 12:09 96,256 ----a-w C:\WINDOWS\system32\drivers\sptd1773.sys
2008-01-03 12:09 642,560 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-03 12:06 --------- d-----w C:\Program Files\Windows Resource Kits
2008-01-03 11:49 48,928 ----a-w C:\WINDOWS\system32\drivers\Tetris.sys
2007-12-31 17:17 --------- d-----w C:\Program Files\EA GAMES
2007-12-16 20:21 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2007-12-13 08:43 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
2007-12-13 08:43 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
2003-12-23 01:20 777 ----a-w C:\Program Files\trial_setup.ini
2003-12-23 01:20 40,448 ----a-w C:\Program Files\trial_setup.exe
2003-12-23 01:20 4,297,728 ----a-w C:\Program Files\trial_setup.msi
.
------- Sigcheck -------
253e84b9c0f0d9cd42e0892413d69daa C:\WINDOWS\system32\drivers\tcpip.sys
----a-w 360,704 2007-03-09 23:40:04 C:\WINDOWS\system32\drivers\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:07 15360]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21 1449984]
"ICQ"="C:\Program Files\ICQ6\ICQ.exe" [2007-12-19 15:48 172280]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-09-13 13:31 22880040]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-11-28 06:55 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-11-28 06:52 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-11-28 06:55 118784]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 10:21 16270848 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2006-06-15 12:36 229376]
"RoxioEngineUtility"="C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe" [2003-05-01 18:44 65536]
"RoxioDragToDisc"="C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe" [2003-07-18 17:23 868352]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2005-12-10 15:57 133016]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [2005-01-12 03:01 32768]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 08:21 1443072]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 13:06 40048]
"Device Detector"="DevDetect.exe" []
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 01:07 15360]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2004-08-04 01:07 99840 C:\WINDOWS\system32\advpack.dll]
C:\Documents and Settings\Ja\Start Menu\Programs\Startup\
Spouštět JAG Media Player.lnk - C:\Program Files\JAG Media Player\tray.exe [2008-01-28 20:12:54 952832]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-18 22:18:24 278528]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMMyPictures"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avldr]
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"I:\\Call of Duty\\CoDMP.exe"=
"C:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\ICQ6\\ICQ.exe"=
"C:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"C:\\Program Files\\SopCast\\SopCast.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\SopCast\\sopvod.exe"=
"C:\\totalcmd\\TOTALCMD.EXE"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
R0 xmasbus;xmasbus;C:\WINDOWS\system32\DRIVERS\xmasbus.sys [2003-12-21 17:24]
R0 xmasscsi;xmasscsi;C:\WINDOWS\system32\Drivers\xmasscsi.sys [2003-12-23 02:15]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2007-12-21 08:21]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-02-20 13:34]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-02-20 13:34]
R2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:07]
R3 PSched;QoS Packet Scheduler;C:\WINDOWS\system32\DRIVERS\psched.sys [2004-08-04 01:07]
R3 Tetris;Tetris driver;C:\WINDOWS\system32\Drivers\Tetris.sys [2008-01-03 12:49]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-26 23:54]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
\Shell\AutoRun\command - F:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1215a3c1-b7c2-11dc-855c-0016e6671cec}]
\Shell\AutoRun\command - J:\RunGame.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{38f8324b-a956-11dc-8921-db22058a78d4}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
\Shell\Open(0)\command - Recycled\ctfmon.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{592565a8-abe9-11dc-8927-0016e6671cec}]
\Shell\AutoRun\command - F:\PlayDiskStart.exe
*Newly Created Service* - TUNEUP.DEFRAG
.
Contents of the 'Scheduled Tasks' folder
"2008-02-26 22:54:18 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2008\OneClick.exe
"2008-02-21 12:33:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 20:53:54
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-02-27 20:55:14
ComboFix-quarantined-files.txt 2008-02-27 19:55:09
Here is the latest log from HijackThis
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:00:04, on 27.2.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\ICQ6\ICQ.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\JAG Media Player\tray.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
H:\HiJackThis\HiJackThis.exe
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Podpora odkazu pre aplikáciu Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Spouštět JAG Media Player.lnk = C:\Program Files\JAG Media Player\tray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6655 bytes
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6\ICQ.exe" silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - Startup: Spouštět JAG Media Player.lnk = C:\Program Files\JAG Media Player\tray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
--
End of file - 6655 bytes
