PC disinfection, computer speed-up, remote help via the neslape.cz service

Sending spam

Do you have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEWS!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
karel76
Guest
Posts: 8
Registered: 14 Jan 2010 08:57

Sending spam

#1 Post by karel76 »

Hello,

I am sending spam = trouble with my internet provider. I have checked the PC with all sorts of tools and it looks clean, but the problem persists.

Can you help? Before I have to reinstall Windows.

Thank you

RSIT log:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Karel at 2010-01-14 10:18:46
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 180 GB (76%) free of 238 GB
Total RAM: 3327 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:19:19, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\problem\RSIT.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\trend micro\Karel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - e:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: siszyd32.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Stáhnout s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Stáhnout vše s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free- ... yer_v4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D955907C-D8B6-45C4-8DB2-5C6E6BBEE9F2}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe

--
End of file - 9247 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - e:\Program Files\Orbitdownloader\orbitcth.dll [2009-12-21 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-07-07 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-07-07 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2007-12-14 413696]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-01 2033432]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-01-13 3037696]

C:\Documents and Settings\Karel\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
siszyd32.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-03 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Konzola Microsoft Management Console"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\TightVNC\WinVNC.exe"="C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"e:\Program Files\Orbitdownloader\orbitdm.exe"="e:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"e:\Program Files\Orbitdownloader\orbitnet.exe"="e:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-14 10:18:46 ----D---- C:\rsit
2010-01-14 10:18:46 ----D---- C:\Program Files\trend micro
2010-01-13 18:06:03 ----D---- C:\Documents and Settings\Karel\Data aplikací\Thunderbird
2010-01-13 16:27:22 ----D---- C:\Documents and Settings\Karel\Data aplikací\Spyware Terminator
2010-01-13 16:27:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-01-13 16:27:15 ----D---- C:\Program Files\Spyware Terminator
2010-01-13 12:28:48 ----D---- C:\problem
2010-01-13 11:08:02 ----SHD---- C:\RECYCLER
2010-01-13 10:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 07:08:20 ----A---- C:\Boot.bak
2010-01-13 07:08:14 ----RASHD---- C:\cmdcons
2010-01-13 07:06:20 ----D---- C:\WINDOWS\ERDNT
2010-01-11 15:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-04 07:11:06 ----D---- C:\Program Files\Lavasoft
2010-01-04 07:11:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-01-04 07:10:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-01 15:11:54 ----D---- C:\Documents and Settings\Karel\Data aplikací\GrabPro
2010-01-01 11:37:25 ----D---- C:\Documents and Settings\Karel\Data aplikací\Orbit
2009-12-26 19:42:26 ----D---- C:\Program Files\a2 Free
2009-12-21 21:04:00 ----A---- C:\WINDOWS\system32\muweb.dll
2009-12-21 21:04:00 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-12-21 21:04:00 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-12-21 20:54:19 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-12-21 20:53:58 ----D---- C:\Program Files\Microsoft Works
2009-12-21 20:53:41 ----D---- C:\Program Files\Common Files\DESIGNER
2009-12-21 20:53:10 ----D---- C:\Program Files\Microsoft.NET
2009-12-21 20:49:40 ----D---- C:\WINDOWS\SHELLNEW
2009-12-21 20:49:23 ----D---- C:\Program Files\Microsoft Office
2009-12-21 20:49:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-21 20:48:49 ----RD---- C:\MSOCache
2009-12-20 11:47:59 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-20 11:47:59 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-20 11:47:59 ----A---- C:\WINDOWS\system32\java.exe
2009-12-20 00:01:54 ----A---- C:\WINDOWS\system32\fjhdyfhsn.bat

======List of files/folders modified in the last 1 months======

2010-01-14 10:18:46 ----RD---- C:\Program Files
2010-01-14 10:15:27 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 10:15:04 ----D---- C:\WINDOWS\Temp
2010-01-14 10:12:49 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 10:09:49 ----A---- C:\WINDOWS\wincmd.ini
2010-01-14 09:00:57 ----D---- C:\WINDOWS\system32
2010-01-14 08:36:18 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 08:33:52 ----SHD---- C:\WINDOWS\Installer
2010-01-14 06:45:16 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-13 20:00:46 ----D---- C:\Mirečka
2010-01-13 18:34:27 ----AD---- C:\WINDOWS
2010-01-13 17:50:41 ----HD---- C:\WINDOWS\inf
2010-01-13 17:50:40 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-13 15:40:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-13 12:32:14 ----D---- C:\filip
2010-01-13 11:46:46 ----D---- C:\učebnice
2010-01-13 11:08:03 ----D---- C:\WINDOWS\Debug
2010-01-13 10:35:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 10:34:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 07:15:48 ----A---- C:\WINDOWS\system.ini
2010-01-13 07:12:41 ----D---- C:\WINDOWS\AppPatch
2010-01-13 07:12:36 ----D---- C:\Program Files\Common Files
2010-01-13 07:08:20 ----RASH---- C:\boot.ini
2010-01-11 19:28:06 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-11 10:57:40 ----D---- C:\WINDOWS\Prefetch
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-31 01:37:03 ----D---- C:\Documents and Settings\Karel\Data aplikací\BITS
2009-12-31 01:27:09 ----D---- C:\Downloads
2009-12-30 15:33:02 ----SD---- C:\Documents and Settings\Karel\Data aplikací\Microsoft
2009-12-27 01:22:27 ----D---- C:\pomkocné
2009-12-26 19:22:24 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-12-23 13:20:16 ----RSD---- C:\WINDOWS\assembly
2009-12-23 08:19:57 ----RSD---- C:\WINDOWS\Fonts
2009-12-23 08:19:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-23 00:12:07 ----D---- C:\Pomocne
2009-12-22 22:48:02 ----D---- C:\Program Files\Google
2009-12-22 22:07:30 ----D---- C:\WINDOWS\WinSxS
2009-12-21 20:54:11 ----D---- C:\WINDOWS\system32\config
2009-12-21 20:53:11 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-12-21 20:42:00 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-21 08:36:32 ----D---- C:\WINDOWS\Corel
2009-12-21 08:36:29 ----D---- C:\Corel
2009-12-20 11:47:51 ----D---- C:\Program Files\Java
2009-12-20 00:59:19 ----D---- C:\Program Files\Internet Explorer
2009-12-19 14:13:16 ----D---- C:\Documents and Settings\Karel\Data aplikací\uTorrent
2009-12-18 10:02:46 ----D---- C:\SZ
2009-12-15 07:55:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-03 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-03 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-04 360584]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-12-19 37376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-08-02 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-14 1270872]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 BCM43XX;ASUS 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
S3 catchme;catchme; \??\C:\DOCUME~1\Karel\LOCALS~1\Temp\catchme.sys []
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2010-01-04 611664]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-03 285392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-13 488960]
R2 STacSV;Audio Service; c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe [2007-12-14 212992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-10 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Sending spam

#2 Post by motji »

Good evening :)

Download ComboFix to your desktop, close all active windows and run it - http://download.bleepingcomputer.com/sUBs/ComboFix.exe

- ComboFix must be run under an account with administrator rights

- Before use, disable all resident security programs - antivirus, firewalls, antispyware

- After launching, the terms of use are displayed; confirm them by pressing Yes

- Then follow the instructions; while ComboFix is running, do not click into the window that appears

- After the scan finishes, which takes at most 10 minutes, the program should create a log - C:\ComboFix.txt; copy its entire contents here
Do not use COMBOFIX without a helper's recommendation; it may damage the system!
Always back up important data before disinfecting a computer

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

karel76
Guest
Posts: 8
Registered: 14 Jan 2010 08:57

Re: Sending spam

#3 Post by karel76 »

ComboFix 10-01-13.0C - Karel 14.01.2010 17:45:09.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2698 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karel\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Soubory vytvořené od 2009-12-14 do 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-11 14:01 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 06:11 . 2010-01-04 06:11 -------- d-----w- c:\program files\Lavasoft
2010-01-04 06:10 . 2010-01-04 06:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 18:42 . 2010-01-13 21:50 -------- d-----w- c:\program files\a2 Free
2009-12-21 20:04 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-21 20:04 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-21 19:54 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-21 19:54 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-21 19:53 . 2009-12-23 07:19 -------- d-----w- c:\program files\Microsoft Works
2009-12-21 19:53 . 2009-12-21 19:53 -------- d-----w- c:\program files\Microsoft.NET
2009-12-21 19:49 . 2009-12-21 19:49 -------- d-----w- c:\windows\SHELLNEW
2009-12-21 19:48 . 2009-12-21 19:48 -------- d-----r- C:\MSOCache
2009-12-19 23:02 . 2010-01-14 16:50 763904 ----a-w- c:\windows\system32\drivers\juoqgae.sys
2009-12-19 23:01 . 2009-12-19 23:01 148 ----a-w- c:\windows\system32\fjhdyfhsn.bat

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 16:26 . 2008-09-29 14:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-01-14 09:19 . 2010-01-14 09:18 -------- d-----w- c:\program files\trend micro
2010-01-13 16:18 . 2010-01-13 15:27 -------- d-----w- c:\program files\Spyware Terminator
2010-01-13 15:27 . 2010-01-13 15:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2009-12-26 18:22 . 2009-03-14 00:48 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-22 21:48 . 2008-10-05 20:21 -------- d-----w- c:\program files\Google
2009-12-20 10:47 . 2009-01-15 14:22 -------- d-----w- c:\program files\Java
2009-12-14 16:31 . 2009-12-14 16:31 -------- d-----w- c:\program files\All2WAV Recorder
2009-12-10 18:02 . 2004-08-18 10:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 18:02 . 2004-08-18 10:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-12-04 11:37 . 2008-12-14 08:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-04 10:20 . 2008-09-29 13:35 -------- d-----w- c:\program files\ATI Technologies
2009-12-04 10:03 . 2009-12-03 16:44 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-03 16:44 . 2009-12-03 16:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-03 16:44 . 2009-12-03 16:44 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-03 16:44 . 2009-12-03 16:44 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-03 16:44 . 2009-12-03 16:44 -------- d-----w- c:\program files\AVG
2009-12-03 16:08 . 2008-09-29 12:46 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-27 13:07 . 2009-11-27 13:07 -------- d-----w- c:\program files\PhotomatixPro3
2009-11-25 21:52 . 2008-10-02 11:51 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 16:03 . 2007-08-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 16:14 . 2009-11-19 16:14 -------- d-----w- c:\program files\Software602
2009-10-29 07:45 . 2007-08-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2007-08-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2007-08-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2007-08-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2007-08-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-08-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-13 3037696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Karel\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
siszyd32.exe [2008-4-14 23040]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-03 16:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3.12.2009 17:44 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3.12.2009 17:44 360584]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.1.2010 16:27 142592]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3.12.2009 17:44 285392]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [29.9.2008 14:40 37376]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.3.2009 1:38 717296]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.11.2009 23:22 133104]

--- Ostatní služby/ovladače v paměti ---

*Deregistered* - juoqgae
.
Obsah adresáře 'Naplánované úlohy'

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 22:22]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 22:22]

2010-01-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-05-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {D955907C-D8B6-45C4-8DB2-5C6E6BBEE9F2} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\rm2ren4m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 17:50
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\juoqgae]

.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-854245398-412668190-682003330-1003\Software\Andreas Haak\a*Ű]
"Language"="Czech"
"Expires"="1/1/3000 :)"
"Last"="13.1.2010"

[HKEY_USERS\S-1-5-21-854245398-412668190-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Andreas Haak\a*Ű]
"User"="karel.jirku@seznam.cz"
"Code"="kaja"
"License"=dword:00000001
"Active"=dword:00000001
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(3312)
c:\windows\system32\nview.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\DRMClien.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Celkový čas: 2010-01-14 17:52:02
ComboFix-quarantined-files.txt 2010-01-14 16:51

Před spuštěním: Volných bajtů: 188 810 588 160
Po spuštění: Volných bajtů: 188 832 391 168

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,3,4,5
- - End Of File - - E9836B89EF3F6348C01DB0F6B3381725

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: I'm sending spam

#4 Post by motji »

:arrow: If you haven't already, move ComboFix to the desktop
-open Notepad
-copy the text from this box into it

Code:

Collect::
c:\windows\system32\drivers\juoqgae.sys
File::
c:\documents and settings\Karel\Nabídka Start\Programy\Po spuštění\siszyd32.exe
c:\windows\system32\fjhdyfhsn.bat
Driver::
juoqgae
Reglock::
[HKEY_LOCAL_MACHINE\software\Andreas Haak\a*Ű]
FixCSet::

-save the TXT file you created as CFScript.txt on the desktop
-after saving, grab the script you created with the left mouse button and drag it onto the ComboFix icon, where you drop it:

[image]


-after it runs, another log will appear; paste it here

Warning: it may happen that after applying the script and restarting, Windows won't boot; in that case restart again, pressing F8 as it starts, then choose Last Known Good Configuration
Do not use COMBOFIX without a helper's recommendation, it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here


I'm usually around at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

karel76
Guest
Posts: 8
Registered: 14 Jan 2010 08:57

Re: I'm sending spam

#5 Post by karel76 »

Here it is. Thank you for your time.

ComboFix 10-01-13.0C - Karel 14.01.2010 18:35:58.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3327.2623 [GMT 1:00]
Spuštěný z: c:\documents and settings\Karel\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Karel\Plocha\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Karel\Nabídka Start\Programy\Po spuštění\siszyd32.exe"
"c:\windows\system32\fjhdyfhsn.bat"

file zipped: c:\windows\system32\drivers\juoqgae.sys
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Karel\Nabídka Start\Programy\Po spuštění\siszyd32.exe
c:\windows\system32\drivers\juoqgae.sys
c:\windows\system32\fjhdyfhsn.bat

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_JUOQGAE
-------\Service_juoqgae


((((((((((((((((((((((((( Soubory vytvořené od 2009-12-14 do 2010-01-14 )))))))))))))))))))))))))))))))
.

2010-01-14 16:52 . 2010-01-14 16:52 -------- d-----w- c:\documents and settings\Karel\Nová složka
2010-01-14 09:18 . 2010-01-14 09:19 -------- d-----w- C:\rsit
2010-01-14 09:18 . 2010-01-14 09:19 -------- d-----w- c:\program files\trend micro
2010-01-14 08:03 . 2010-01-14 08:03 -------- d-----r- c:\documents and settings\LocalService\Oblíbené položky
2010-01-13 15:27 . 2010-01-13 15:27 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-01-13 15:27 . 2010-01-13 16:18 -------- d-----w- c:\program files\Spyware Terminator
2010-01-13 11:28 . 2010-01-14 16:41 -------- d-----w- C:\problem
2010-01-11 14:01 . 2009-11-21 16:03 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-01-04 06:11 . 2010-01-04 06:11 -------- d-----w- c:\program files\Lavasoft
2010-01-04 06:10 . 2010-01-04 06:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 18:42 . 2010-01-13 21:50 -------- d-----w- c:\program files\a2 Free
2009-12-21 20:04 . 2009-08-06 18:23 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-21 20:04 . 2009-08-06 18:23 215920 ----a-w- c:\windows\system32\muweb.dll
2009-12-21 19:54 . 2008-11-10 10:41 32656 ----a-w- c:\windows\system32\msonpmon.dll
2009-12-21 19:54 . 2006-10-26 18:56 33104 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\msonpppr.dll
2009-12-21 19:53 . 2009-12-23 07:19 -------- d-----w- c:\program files\Microsoft Works
2009-12-21 19:53 . 2009-12-21 19:53 -------- d-----w- c:\program files\Microsoft.NET
2009-12-21 19:49 . 2009-12-21 19:49 -------- d-----w- c:\windows\SHELLNEW
2009-12-21 19:48 . 2009-12-21 19:48 -------- d-----r- C:\MSOCache

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 16:56 . 2008-09-29 14:42 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-12-26 18:22 . 2009-03-14 00:48 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-12-22 21:48 . 2008-10-05 20:21 -------- d-----w- c:\program files\Google
2009-12-20 10:47 . 2009-01-15 14:22 -------- d-----w- c:\program files\Java
2009-12-14 16:31 . 2009-12-14 16:31 -------- d-----w- c:\program files\All2WAV Recorder
2009-12-10 18:02 . 2004-08-18 10:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-12-10 18:02 . 2004-08-18 10:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-12-04 11:37 . 2008-12-14 08:32 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-04 10:20 . 2008-09-29 13:35 -------- d-----w- c:\program files\ATI Technologies
2009-12-04 10:03 . 2009-12-03 16:44 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-12-03 16:44 . 2009-12-03 16:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-12-03 16:44 . 2009-12-03 16:44 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-12-03 16:44 . 2009-12-03 16:44 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-12-03 16:44 . 2009-12-03 16:44 -------- d-----w- c:\program files\AVG
2009-12-03 16:08 . 2008-09-29 12:46 22916 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-27 13:07 . 2009-11-27 13:07 -------- d-----w- c:\program files\PhotomatixPro3
2009-11-25 21:52 . 2008-10-02 11:51 -------- d-----w- c:\program files\MSXML 4.0
2009-11-21 16:03 . 2007-08-02 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-19 16:14 . 2009-11-19 16:14 -------- d-----w- c:\program files\Software602
2009-10-29 07:45 . 2007-08-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
2009-10-29 07:45 . 2007-08-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:45 . 2007-08-02 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-10-21 05:40 . 2007-08-02 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:40 . 2007-08-02 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2007-08-02 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
.

((((((((((((((((((((((((((((( SnapShot@2010-01-14_16.50.26 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-14 17:39 . 2010-01-14 17:39 16384 c:\windows\Temp\Perflib_Perfdata_2b4.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-01-13 3037696]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2008-03-11 689488]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2008-03-18 1848648]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2007-12-14 413696]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Karel\Nabídka Start\Programy\Po spuštění\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-12-03 16:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\TightVNC\\WinVNC.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"e:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"e:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3.12.2009 17:44 333192]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3.12.2009 17:44 360584]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [13.1.2010 16:27 142592]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3.12.2009 17:44 285392]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [29.9.2008 14:40 37376]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [14.3.2009 1:38 717296]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1.11.2009 23:22 133104]
.
Obsah adresáře 'Naplánované úlohy'

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 22:22]

2010-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-01 22:22]

2010-01-14 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2009-05-17 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.cz/
uInternet Connection Wizard,ShellNext = iexplore
IE: &Download by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/204
IE: &Stáhnout s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
IE: &Stáhnout vše s FlashGetem - c:\program files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - e:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
TCP: {D955907C-D8B6-45C4-8DB2-5C6E6BBEE9F2} = 192.168.2.1
FF - ProfilePath - c:\documents and settings\Karel\Data aplikací\Mozilla\Firefox\Profiles\rm2ren4m.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Seznam
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - component: e:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npfiller.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-14 18:40
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-854245398-412668190-682003330-1003\Software\Andreas Haak\a*Ű]
"Language"="Czech"
"Expires"="1/1/3000 :)"
"Last"="13.1.2010"

[HKEY_USERS\S-1-5-21-854245398-412668190-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Andreas Haak\a*Ű]
"User"="karel.jirku@seznam.cz"
"Code"="kaja"
"License"=dword:00000001
"Active"=dword:00000001
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'explorer.exe'(1076)
c:\windows\system32\nview.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\DRMClien.DLL
c:\windows\system32\nvwddi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\RunDLL32.exe
c:\windows\system32\rundll32.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2010-01-14 18:43:20 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-01-14 17:43
ComboFix2.txt 2010-01-14 16:52

Před spuštěním: Volných bajtů: 188 873 990 144
Po spuštění: Volných bajtů: 188 754 059 264

- - End Of File - - 24CBB7429F56C0750672B2F038C97519

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: I'm sending spam

#6 Post by motji »

The log looks fine, how's the computer?

:arrow: Uninstall ComboFix via
Start >> Run, copy into the box:

ComboFix /Uninstall

press Enter
-This uninstalls ComboFix and deletes the files and folders associated with it.



:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Run it; to confirm the choice press the A key, then Enter
-delete the little program after use. Note: antivirus programs may falsely flag it as a virus


:arrow: Download TFC and use it
TFC (http://oldtimer.geekstogo.com/TFC.exe)


:arrow: Download CCleaner, see my signature
-install it and clean the temporary files, and the registry too

:arrow: Post a new log from RSIT and tell me how the computer is behaving, is everything fine now?

karel76
Guest
Posts: 8
Registered: 14 Jan 2010 08:57

Re: I'm sending spam

#7 Post by karel76 »

Unfortunately, thousands of e-mails are still going out from my IP.

New log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Karel at 2010-01-14 21:10:31
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 186 GB (78%) free of 238 GB
Total RAM: 3327 MB (82% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:10:40, on 14.1.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16945)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\problem\RSIT.exe
C:\Program Files\trend micro\Karel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - e:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PDFCreator Toolbar Helper - {C451C08A-EC37-45DF-AAAD-18B51AB5E837} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: PDFCreator Toolbar - {31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [SpywareTerminatorUpdate] "C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: &Download by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Stáhnout s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
O8 - Extra context menu item: &Stáhnout vše s FlashGetem - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://e:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://aolsvc.aol.com/onlinegames/free- ... yer_v4.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{D955907C-D8B6-45C4-8DB2-5C6E6BBEE9F2}: NameServer = 192.168.2.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe

--
End of file - 8804 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\RegCure Program Check.job
C:\WINDOWS\tasks\RegCure.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}]
Octh Class - e:\Program Files\Orbitdownloader\orbitcth.dll [2009-12-21 240912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll [2009-12-12 1484056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-09-15 1562960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C451C08A-EC37-45DF-AAAD-18B51AB5E837}]
PDFCreator Toolbar Helper - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-07-07 806912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-12-15 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-12-15 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{327C2873-E90D-4c37-AA9D-10AC9BABA46C} - Easy-WebPrint - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll [2004-04-16 405504]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-12-10 929224]
{31CF9EBE-5755-4A1D-AC25-2834D952D9B4} - PDFCreator Toolbar - C:\Program Files\PDFCreator Toolbar\v3.3.0.1\PDFCreator_Toolbar.dll [2009-07-07 806912]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Easy-PrintToolBox"=C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [2004-01-14 409600]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-06-01 7618560]
"nwiz"=nwiz.exe /install []
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2008-03-11 689488]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2008-03-18 1848648]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2007-12-14 413696]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe [2010-01-01 2033432]
"NvMediaCenter"=NvMCTray.dll,NvTaskbarInit []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2010-01-13 3037696]

C:\Documents and Settings\Karel\Nabídka Start\Programy\Po spuštění
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-12-03 12464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"C:\WINDOWS\system32\mmc.exe"="C:\WINDOWS\system32\mmc.exe:*:Disabled:Konzola Microsoft Management Console"
"C:\Program Files\Mozilla Thunderbird\thunderbird.exe"="C:\Program Files\Mozilla Thunderbird\thunderbird.exe:*:Enabled:Mozilla Thunderbird"
"C:\Program Files\TightVNC\WinVNC.exe"="C:\Program Files\TightVNC\WinVNC.exe:*:Enabled:TightVNC Win32 Server"
"C:\Program Files\AVG\AVG9\avgupd.exe"="C:\Program Files\AVG\AVG9\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG9\avgnsx.exe"="C:\Program Files\AVG\AVG9\avgnsx.exe:*:Enabled:avgnsx.exe"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"e:\Program Files\Orbitdownloader\orbitdm.exe"="e:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit"
"e:\Program Files\Orbitdownloader\orbitnet.exe"="e:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-01-14 21:10:31 ----D---- C:\rsit
2010-01-14 21:01:34 ----SHD---- C:\RECYCLER
2010-01-14 10:18:46 ----D---- C:\Program Files\trend micro
2010-01-13 18:06:03 ----D---- C:\Documents and Settings\Karel\Data aplikací\Thunderbird
2010-01-13 16:27:22 ----D---- C:\Documents and Settings\Karel\Data aplikací\Spyware Terminator
2010-01-13 16:27:16 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spyware Terminator
2010-01-13 16:27:15 ----D---- C:\Program Files\Spyware Terminator
2010-01-13 12:28:48 ----D---- C:\problem
2010-01-13 10:35:20 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-13 07:08:20 ----A---- C:\Boot.bak
2010-01-13 07:08:14 ----RASHD---- C:\cmdcons
2010-01-11 15:01:57 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-04 07:11:06 ----D---- C:\Program Files\Lavasoft
2010-01-04 07:11:06 ----D---- C:\Documents and Settings\All Users\Data aplikací\Lavasoft
2010-01-04 07:10:31 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-01-01 15:11:54 ----D---- C:\Documents and Settings\Karel\Data aplikací\GrabPro
2010-01-01 11:37:25 ----D---- C:\Documents and Settings\Karel\Data aplikací\Orbit
2009-12-26 19:42:26 ----D---- C:\Program Files\a2 Free
2009-12-21 21:04:00 ----A---- C:\WINDOWS\system32\muweb.dll
2009-12-21 21:04:00 ----A---- C:\WINDOWS\system32\mucltui.dll.mui
2009-12-21 21:04:00 ----A---- C:\WINDOWS\system32\mucltui.dll
2009-12-21 20:54:19 ----A---- C:\WINDOWS\system32\msonpmon.dll
2009-12-21 20:53:58 ----D---- C:\Program Files\Microsoft Works
2009-12-21 20:53:41 ----D---- C:\Program Files\Common Files\DESIGNER
2009-12-21 20:53:10 ----D---- C:\Program Files\Microsoft.NET
2009-12-21 20:49:40 ----D---- C:\WINDOWS\SHELLNEW
2009-12-21 20:49:23 ----D---- C:\Program Files\Microsoft Office
2009-12-21 20:49:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\Microsoft Help
2009-12-21 20:48:49 ----RD---- C:\MSOCache
2009-12-20 11:47:59 ----A---- C:\WINDOWS\system32\javaws.exe
2009-12-20 11:47:59 ----A---- C:\WINDOWS\system32\javaw.exe
2009-12-20 11:47:59 ----A---- C:\WINDOWS\system32\java.exe

======List of files/folders modified in the last 1 months======

2010-01-14 21:10:37 ----D---- C:\WINDOWS\Prefetch
2010-01-14 21:07:15 ----D---- C:\Program Files\Mozilla Firefox
2010-01-14 21:06:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-01-14 21:06:10 ----AD---- C:\WINDOWS
2010-01-14 21:04:04 ----D---- C:\WINDOWS\Temp
2010-01-14 21:03:48 ----SHD---- C:\System Volume Information
2010-01-14 21:03:48 ----D---- C:\WINDOWS\system32\Restore
2010-01-14 21:01:50 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-14 21:01:34 ----D---- C:\WINDOWS\system32
2010-01-14 20:58:05 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-14 20:19:39 ----D---- C:\Program Files\Mozilla Thunderbird
2010-01-14 18:43:23 ----D---- C:\WINDOWS\system32\drivers
2010-01-14 18:39:33 ----A---- C:\WINDOWS\system.ini
2010-01-14 18:38:03 ----D---- C:\WINDOWS\system32\config
2010-01-14 18:37:08 ----D---- C:\WINDOWS\AppPatch
2010-01-14 18:37:04 ----D---- C:\Program Files\Common Files
2010-01-14 12:59:18 ----D---- C:\učebnice
2010-01-14 10:18:46 ----RD---- C:\Program Files
2010-01-14 10:09:49 ----A---- C:\WINDOWS\wincmd.ini
2010-01-14 08:33:52 ----SHD---- C:\WINDOWS\Installer
2010-01-13 20:00:46 ----D---- C:\Mirečka
2010-01-13 17:50:41 ----HD---- C:\WINDOWS\inf
2010-01-13 12:32:14 ----D---- C:\filip
2010-01-13 11:08:03 ----D---- C:\WINDOWS\Debug
2010-01-13 10:35:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-13 10:34:41 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-13 07:08:20 ----RASH---- C:\boot.ini
2010-01-11 19:28:06 ----A---- C:\WINDOWS\wcx_ftp.ini
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe
2009-12-31 01:37:03 ----D---- C:\Documents and Settings\Karel\Data aplikací\BITS
2009-12-31 01:27:09 ----D---- C:\Downloads
2009-12-30 15:33:02 ----SD---- C:\Documents and Settings\Karel\Data aplikací\Microsoft
2009-12-27 01:22:27 ----D---- C:\pomkocné
2009-12-26 19:22:24 ----D---- C:\Program Files\DAEMON Tools Toolbar
2009-12-23 13:20:16 ----RSD---- C:\WINDOWS\assembly
2009-12-23 08:19:57 ----RSD---- C:\WINDOWS\Fonts
2009-12-23 08:19:51 ----D---- C:\Program Files\Common Files\Microsoft Shared
2009-12-23 00:12:07 ----D---- C:\Pomocne
2009-12-22 22:48:02 ----D---- C:\Program Files\Google
2009-12-22 22:07:30 ----D---- C:\WINDOWS\WinSxS
2009-12-21 20:53:11 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2009-12-21 20:42:00 ----A---- C:\WINDOWS\vbaddin.ini
2009-12-21 08:36:32 ----D---- C:\WINDOWS\Corel
2009-12-21 08:36:29 ----D---- C:\Corel
2009-12-20 11:47:51 ----D---- C:\Program Files\Java
2009-12-20 00:59:19 ----D---- C:\Program Files\Internet Explorer
2009-12-19 14:13:16 ----D---- C:\Documents and Settings\Karel\Data aplikací\uTorrent
2009-12-18 10:02:46 ----D---- C:\SZ
2009-12-15 07:55:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\NOS

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-12-03 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-12-03 28424]
R1 AvgTdiX;AVG Free Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-12-04 360584]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 sp_rsdrv2;Spyware Terminator Driver 2; \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys []
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l151x86.sys [2007-12-19 37376]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2007-08-02 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-06-01 3925920]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2007-12-14 1270872]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2008-04-13 17152]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\system32\ASNDIS5.SYS []
S3 BCM43XX;ASUS 802.11 ovladač síťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
S3 GVCplDrv;GVCplDrv; C:\WINDOWS\system32\drivers\GVCplDrv.sys [2004-05-02 23040]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-02 17536]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2010-01-04 611664]
R2 avg9wd;AVG Free WatchDog; C:\Program Files\AVG\AVG9\avgwdsvc.exe [2009-12-03 285392]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-06-01 155715]
R2 sp_rssrv;Spyware Terminator Realtime Shield Service; C:\Program Files\Spyware Terminator\sp_rsser.exe [2010-01-13 488960]
R2 STacSV;Audio Service; c:\program files\idt\ecsxpv_5762_010208\wdm\STacSV.exe [2007-12-14 212992]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-11-01 133104]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2008-11-10 72704]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: I'm sending spam

#8 Post by motji »

:o I thought we had already deleted the culprit :o

:arrow: Download Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878
- unpack it and run it
- a scan will run; when it finishes, a window with the results opens. Click Save to save the log, then paste it here

- Following the guide at the link, run the second scan and paste that log here as well.


:arrow: Download MBAM from my signature
- Install it and run a full scan

DO NOT DELETE ANYTHING :!:
- MBAM sometimes has false detections, so we will delete only after checking the log.
- Copy the log here.
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

karel76
Visitor
Posts: 8
Registered: 14 Jan 2010 08:57

Re: I'm sending spam

#9 Post by karel76 »

The full Gmer test froze after 2 hours, so I'm sending only the quick one and MBAM. Unfortunately I won't get to the misbehaving PC until tomorrow (Sat) around noon, so I'm afraid nothing will save me from a Format C:\ on Sunday :o .

Tomorrow I'll run Gmer again

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-01-15 14:31:00
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\Karel\LOCALS~1\Temp\agdiapog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Malwarebytes' Anti-Malware 1.44
Verze databáze: 3569
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

15.1.2010 17:00:31
mbam-log-1

Typ kontroly: Kompletní kontrola (C:\|E:\|)
Zkontrolované objekty: 210840
Uplynulý čas: 39 minute(s), 28 second(s)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované adresáře: 0
Infikované soubory: 2

Infikované procesy v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované moduly v paměti:
(Nebyly nalezeny žádné škodlivé položky)

Infikované klíče registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované hodnoty registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované datové položky registru:
(Nebyly nalezeny žádné škodlivé položky)

Infikované adresáře:
(Nebyly nalezeny žádné škodlivé položky)

Infikované soubory:
C:\Documents and Settings\Karel\Data aplikací\avdrn.dat (Malware.Trace) -> No action taken.
C:\Documents and Settings\NetworkService\Data aplikací\fvgqad.dat (Malware.Trace) -> No action taken.

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: I'm sending spam

#10 Post by motji »

Delete what mbam found.
Unfortunately I don't see anything malicious there :o ; didn't you have any red lines in gmer?

karel76
Visitor
Posts: 8
Registered: 14 Jan 2010 08:57

Re: I'm sending spam

#11 Post by karel76 »

No, there was nothing in red in gmer. I think it was just checking something in the Windows directory. I deleted what mbam found and the PC restarted.
Tomorrow I'll let you know how gmer went.

Even if it doesn't work out, I appreciate your help, and I'll probably go and play Sportka on Monday. :wink:

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: I'm sending spam

#12 Post by motji »

Also try Rootrepeal

:arrow: Download
http://rootrepeal.googlepages.com/RootRepeal.zip
- download, unpack and run it
- select the Files tab, click Scan,
- a scan will run; afterwards click Save Report, which saves the log, then copy it here

- go through all the tabs one by one and run the scans.

And please read your PM :)

karel76
Visitor
Posts: 8
Registered: 14 Jan 2010 08:57

Re: I'm sending spam

#13 Post by karel76 »

I have a feeling Rootrepeal found nothing, but I'm pasting the reports from all the tabs anyway:

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/16 15:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB43B5000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA628000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB0F34000 Size: 49152 File Visible: No Signed: -
Status: -

==EOF==

files

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/16 15:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden/Locked Files
-------------------

Hidden

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/16 15:57
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Hidden Services
-------------------

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/16 15:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Processes
-------------------
Path: System
PID: 4 Status: -

Path: C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PID: 248 Status: -

Path: C:\Program Files\IDT\WDM\sttray.exe
PID: 256 Status: -

Path: C:\PROGRA~1\AVG\AVG9\avgtray.exe
PID: 264 Status: -

Path: C:\WINDOWS\system32\rundll32.exe
PID: 272 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 284 Status: -

Path: C:\Program Files\Java\jre6\bin\jusched.exe
PID: 292 Status: -

Path: C:\WINDOWS\system32\rundll32.exe
PID: 316 Status: -

Path: C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe
PID: 380 Status: -

Path: C:\WINDOWS\system32\ctfmon.exe
PID: 388 Status: -

Path: C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
PID: 476 Status: -

Path: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 572 Status: -

Path: C:\Program Files\Mozilla Thunderbird\thunderbird.exe
PID: 624 Status: -

Path: C:\WINDOWS\system32\smss.exe
PID: 640 Status: -

Path: C:\WINDOWS\system32\csrss.exe
PID: 696 Status: -

Path: C:\WINDOWS\system32\winlogon.exe
PID: 736 Status: -

Path: C:\problem\RootRepeal.exe
PID: 772 Status: -

Path: C:\WINDOWS\system32\services.exe
PID: 780 Status: -

Path: C:\WINDOWS\system32\lsass.exe
PID: 800 Status: -

Path: C:\WINDOWS\system32\spoolsv.exe
PID: 936 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 984 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1052 Status: -

Path: C:\Program Files\Java\jre6\bin\jqs.exe
PID: 1116 Status: -

Path: C:\Program Files\Internet Explorer\iexplore.exe
PID: 1132 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1140 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1244 Status: -

Path: C:\WINDOWS\system32\nvsvc32.exe
PID: 1256 Status: -

Path: C:\Program Files\AVG\AVG9\avgchsvx.exe
PID: 1320 Status: -

Path: C:\Program Files\AVG\AVG9\avgrsx.exe
PID: 1328 Status: -

Path: C:\Program Files\AVG\AVG9\avgcsrvx.exe
PID: 1464 Status: -

Path: C:\WINDOWS\system32\svchost.exe
PID: 1472 Status: -

Path: C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PID: 1844 Status: -

Path: C:\WINDOWS\explorer.exe
PID: 1892 Status: -

Path: C:\Program Files\AVG\AVG9\avgwdsvc.exe
PID: 2040 Status: -

Path: C:\Program Files\Spyware Terminator\sp_rsser.exe
PID: 2152 Status: -

Path: C:\Program Files\AVG\AVG9\avgnsx.exe
PID: 2240 Status: -

Path: C:\Program Files\IDT\ECSXPV_5762_010208\WDM\stacsv.exe
PID: 2372 Status: -

Path: C:\WINDOWS\system32\alg.exe
PID: 3456 Status: -

Path: C:\totalcmd\TOTALCMD.EXE
PID: 3664 Status: -

ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2010/01/16 15:58
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Shadow SSDT
-------------------
#: 000 Function Name: NtGdiAbortDoc
Status: Not hooked

#: 001 Function Name: NtGdiAbortPath
Status: Not hooked

#: 002 Function Name: NtGdiAddFontResourceW
Status: Not hooked

#: 003 Function Name: NtGdiAddRemoteFontToDC
Status: Not hooked

#: 004 Function Name: NtGdiAddFontMemResourceEx
Status: Not hooked

#: 005 Function Name: NtGdiRemoveMergeFont
Status: Not hooked

#: 006 Function Name: NtGdiAddRemoteMMInstanceToDC
Status: Not hooked

#: 007 Function Name: NtGdiAlphaBlend
Status: Not hooked

#: 008 Function Name: NtGdiAngleArc
Status: Not hooked

#: 009 Function Name: NtGdiAnyLinkedFonts
Status: Not hooked

#: 010 Function Name: NtGdiFontIsLinked
Status: Not hooked

#: 011 Function Name: NtGdiArcInternal
Status: Not hooked

#: 012 Function Name: NtGdiBeginPath
Status: Not hooked

#: 013 Function Name: NtGdiBitBlt
Status: Not hooked

#: 014 Function Name: NtGdiCancelDC
Status: Not hooked

#: 015 Function Name: NtGdiCheckBitmapBits
Status: Not hooked

#: 016 Function Name: NtGdiCloseFigure
Status: Not hooked

#: 017 Function Name: NtGdiClearBitmapAttributes
Status: Not hooked

#: 018 Function Name: NtGdiClearBrushAttributes
Status: Not hooked

#: 019 Function Name: NtGdiColorCorrectPalette
Status: Not hooked

#: 020 Function Name: NtGdiCombineRgn
Status: Not hooked

#: 021 Function Name: NtGdiCombineTransform
Status: Not hooked

#: 022 Function Name: NtGdiComputeXformCoefficients
Status: Not hooked

#: 023 Function Name: NtGdiConsoleTextOut
Status: Not hooked

#: 024 Function Name: NtGdiConvertMetafileRect
Status: Not hooked

#: 025 Function Name: NtGdiCreateBitmap
Status: Not hooked

#: 026 Function Name: NtGdiCreateClientObj
Status: Not hooked

#: 027 Function Name: NtGdiCreateColorSpace
Status: Not hooked

#: 028 Function Name: NtGdiCreateColorTransform
Status: Not hooked

#: 029 Function Name: NtGdiCreateCompatibleBitmap
Status: Not hooked

#: 030 Function Name: NtGdiCreateCompatibleDC
Status: Not hooked

#: 031 Function Name: NtGdiCreateDIBBrush
Status: Not hooked

#: 032 Function Name: NtGdiCreateDIBitmapInternal
Status: Not hooked

#: 033 Function Name: NtGdiCreateDIBSection
Status: Not hooked

#: 034 Function Name: NtGdiCreateEllipticRgn
Status: Not hooked

#: 035 Function Name: NtGdiCreateHalftonePalette
Status: Not hooked

#: 036 Function Name: NtGdiCreateHatchBrushInternal
Status: Not hooked

#: 037 Function Name: NtGdiCreateMetafileDC
Status: Not hooked

#: 038 Function Name: NtGdiCreatePaletteInternal
Status: Not hooked

#: 039 Function Name: NtGdiCreatePatternBrushInternal
Status: Not hooked

#: 040 Function Name: NtGdiCreatePen
Status: Not hooked

#: 041 Function Name: NtGdiCreateRectRgn
Status: Not hooked

#: 042 Function Name: NtGdiCreateRoundRectRgn
Status: Not hooked

#: 043 Function Name: NtGdiCreateServerMetaFile
Status: Not hooked

#: 044 Function Name: NtGdiCreateSolidBrush
Status: Not hooked

#: 045 Function Name: NtGdiD3dContextCreate
Status: Not hooked

#: 046 Function Name: NtGdiD3dContextDestroy
Status: Not hooked

#: 047 Function Name: NtGdiD3dContextDestroyAll
Status: Not hooked

#: 048 Function Name: NtGdiD3dValidateTextureStageState
Status: Not hooked

#: 049 Function Name: NtGdiD3dDrawPrimitives2
Status: Not hooked

#: 050 Function Name: NtGdiDdGetDriverState
Status: Not hooked

#: 051 Function Name: NtGdiDdAddAttachedSurface
Status: Not hooked

#: 052 Function Name: NtGdiDdAlphaBlt
Status: Not hooked

#: 053 Function Name: NtGdiDdAttachSurface
Status: Not hooked

#: 054 Function Name: NtGdiDdBeginMoCompFrame
Status: Not hooked

#: 055 Function Name: NtGdiDdBlt
Status: Not hooked

#: 056 Function Name: NtGdiDdCanCreateSurface
Status: Not hooked

#: 057 Function Name: NtGdiDdCanCreateD3DBuffer
Status: Not hooked

#: 058 Function Name: NtGdiDdColorControl
Status: Not hooked

#: 059 Function Name: NtGdiDdCreateDirectDrawObject
Status: Not hooked

#: 060 Function Name: NtGdiDdCreateSurface
Status: Not hooked

#: 061 Function Name: NtGdiDdCreateD3DBuffer
Status: Not hooked

#: 062 Function Name: NtGdiDdCreateMoComp
Status: Not hooked

#: 063 Function Name: NtGdiDdCreateSurfaceObject
Status: Not hooked

#: 064 Function Name: NtGdiDdDeleteDirectDrawObject
Status: Not hooked

#: 065 Function Name: NtGdiDdDeleteSurfaceObject
Status: Not hooked

#: 066 Function Name: NtGdiDdDestroyMoComp
Status: Not hooked

#: 067 Function Name: NtGdiDdDestroySurface
Status: Not hooked

#: 068 Function Name: NtGdiDdDestroyD3DBuffer
Status: Not hooked

#: 069 Function Name: NtGdiDdEndMoCompFrame
Status: Not hooked

#: 070 Function Name: NtGdiDdFlip
Status: Not hooked

#: 071 Function Name: NtGdiDdFlipToGDISurface
Status: Not hooked

#: 072 Function Name: NtGdiDdGetAvailDriverMemory
Status: Not hooked

#: 073 Function Name: NtGdiDdGetBltStatus
Status: Not hooked

#: 074 Function Name: NtGdiDdGetDC
Status: Not hooked

#: 075 Function Name: NtGdiDdGetDriverInfo
Status: Not hooked

#: 076 Function Name: NtGdiDdGetDxHandle
Status: Not hooked

#: 077 Function Name: NtGdiDdGetFlipStatus
Status: Not hooked

#: 078 Function Name: NtGdiDdGetInternalMoCompInfo
Status: Not hooked

#: 079 Function Name: NtGdiDdGetMoCompBuffInfo
Status: Not hooked

#: 080 Function Name: NtGdiDdGetMoCompGuids
Status: Not hooked

#: 081 Function Name: NtGdiDdGetMoCompFormats
Status: Not hooked

#: 082 Function Name: NtGdiDdGetScanLine
Status: Not hooked

#: 083 Function Name: NtGdiDdLock
Status: Not hooked

#: 084 Function Name: NtGdiDdLockD3D
Status: Not hooked

#: 085 Function Name: NtGdiDdQueryDirectDrawObject
Status: Not hooked

#: 086 Function Name: NtGdiDdQueryMoCompStatus
Status: Not hooked

#: 087 Function Name: NtGdiDdReenableDirectDrawObject
Status: Not hooked

#: 088 Function Name: NtGdiDdReleaseDC
Status: Not hooked

#: 089 Function Name: NtGdiDdRenderMoComp
Status: Not hooked

#: 090 Function Name: NtGdiDdResetVisrgn
Status: Not hooked

#: 091 Function Name: NtGdiDdSetColorKey
Status: Not hooked

#: 092 Function Name: NtGdiDdSetExclusiveMode
Status: Not hooked

#: 093 Function Name: NtGdiDdSetGammaRamp
Status: Not hooked

#: 094 Function Name: NtGdiDdCreateSurfaceEx
Status: Not hooked

#: 095 Function Name: NtGdiDdSetOverlayPosition
Status: Not hooked

#: 096 Function Name: NtGdiDdUnattachSurface
Status: Not hooked

#: 097 Function Name: NtGdiDdUnlock
Status: Not hooked

#: 098 Function Name: NtGdiDdUnlockD3D
Status: Not hooked

#: 099 Function Name: NtGdiDdUpdateOverlay
Status: Not hooked

#: 100 Function Name: NtGdiDdWaitForVerticalBlank
Status: Not hooked

#: 101 Function Name: NtGdiDvpCanCreateVideoPort
Status: Not hooked

#: 102 Function Name: NtGdiDvpColorControl
Status: Not hooked

#: 103 Function Name: NtGdiDvpCreateVideoPort
Status: Not hooked

#: 104 Function Name: NtGdiDvpDestroyVideoPort
Status: Not hooked

#: 105 Function Name: NtGdiDvpFlipVideoPort
Status: Not hooked

#: 106 Function Name: NtGdiDvpGetVideoPortBandwidth
Status: Not hooked

#: 107 Function Name: NtGdiDvpGetVideoPortField
Status: Not hooked

#: 108 Function Name: NtGdiDvpGetVideoPortFlipStatus
Status: Not hooked

#: 109 Function Name: NtGdiDvpGetVideoPortInputFormats
Status: Not hooked

#: 110 Function Name: NtGdiDvpGetVideoPortLine
Status: Not hooked

#: 111 Function Name: NtGdiDvpGetVideoPortOutputFormats
Status: Not hooked

#: 112 Function Name: NtGdiDvpGetVideoPortConnectInfo
Status: Not hooked

#: 113 Function Name: NtGdiDvpGetVideoSignalStatus
Status: Not hooked

#: 114 Function Name: NtGdiDvpUpdateVideoPort
Status: Not hooked

#: 115 Function Name: NtGdiDvpWaitForVideoPortSync
Status: Not hooked

#: 116 Function Name: NtGdiDvpAcquireNotification
Status: Not hooked

#: 117 Function Name: NtGdiDvpReleaseNotification
Status: Not hooked

#: 118 Function Name: NtGdiDxgGenericThunk
Status: Not hooked

#: 119 Function Name: NtGdiDeleteClientObj
Status: Not hooked

#: 120 Function Name: NtGdiDeleteColorSpace
Status: Not hooked

#: 121 Function Name: NtGdiDeleteColorTransform
Status: Not hooked

#: 122 Function Name: NtGdiDeleteObjectApp
Status: Not hooked

#: 123 Function Name: NtGdiDescribePixelFormat
Status: Not hooked

#: 124 Function Name: NtGdiGetPerBandInfo
Status: Not hooked

#: 125 Function Name: NtGdiDoBanding
Status: Not hooked

#: 126 Function Name: NtGdiDoPalette
Status: Not hooked

#: 127 Function Name: NtGdiDrawEscape
Status: Not hooked

#: 128 Function Name: NtGdiEllipse
Status: Not hooked

#: 129 Function Name: NtGdiEnableEudc
Status: Not hooked

#: 130 Function Name: NtGdiEndDoc
Status: Not hooked

#: 131 Function Name: NtGdiEndPage
Status: Not hooked

#: 132 Function Name: NtGdiEndPath
Status: Not hooked

#: 133 Function Name: NtGdiEnumFontChunk
Status: Not hooked

#: 134 Function Name: NtGdiEnumFontClose
Status: Not hooked

#: 135 Function Name: NtGdiEnumFontOpen
Status: Not hooked

#: 136 Function Name: NtGdiEnumObjects
Status: Not hooked

#: 137 Function Name: NtGdiEqualRgn
Status: Not hooked

#: 138 Function Name: NtGdiEudcLoadUnloadLink
Status: Not hooked

#: 139 Function Name: NtGdiExcludeClipRect
Status: Not hooked

#: 140 Function Name: NtGdiExtCreatePen
Status: Not hooked

#: 141 Function Name: NtGdiExtCreateRegion
Status: Not hooked

#: 142 Function Name: NtGdiExtEscape
Status: Not hooked

#: 143 Function Name: NtGdiExtFloodFill
Status: Not hooked

#: 144 Function Name: NtGdiExtGetObjectW
Status: Not hooked

#: 145 Function Name: NtGdiExtSelectClipRgn
Status: Not hooked

#: 146 Function Name: NtGdiExtTextOutW
Status: Not hooked

#: 147 Function Name: NtGdiFillPath
Status: Not hooked

#: 148 Function Name: NtGdiFillRgn
Status: Not hooked

#: 149 Function Name: NtGdiFlattenPath
Status: Not hooked

#: 150 Function Name: NtGdiFlushUserBatch
Status: Not hooked

#: 151 Function Name: NtGdiFlush
Status: Not hooked

#: 152 Function Name: NtGdiForceUFIMapping
Status: Not hooked

#: 153 Function Name: NtGdiFrameRgn
Status: Not hooked

#: 154 Function Name: NtGdiFullscreenControl
Status: Not hooked

#: 155 Function Name: NtGdiGetAndSetDCDword
Status: Not hooked

#: 156 Function Name: NtGdiGetAppClipBox
Status: Not hooked

#: 157 Function Name: NtGdiGetBitmapBits
Status: Not hooked

#: 158 Function Name: NtGdiGetBitmapDimension
Status: Not hooked

#: 159 Function Name: NtGdiGetBoundsRect
Status: Not hooked

#: 160 Function Name: NtGdiGetCharABCWidthsW
Status: Not hooked

#: 161 Function Name: NtGdiGetCharacterPlacementW
Status: Not hooked

#: 162 Function Name: NtGdiGetCharSet
Status: Not hooked

#: 163 Function Name: NtGdiGetCharWidthW
Status: Not hooked

#: 164 Function Name: NtGdiGetCharWidthInfo
Status: Not hooked

#: 165 Function Name: NtGdiGetColorAdjustment
Status: Not hooked

#: 166 Function Name: NtGdiGetColorSpaceforBitmap
Status: Not hooked

#: 167 Function Name: NtGdiGetDCDword
Status: Not hooked

#: 168 Function Name: NtGdiGetDCforBitmap
Status: Not hooked

#: 169 Function Name: NtGdiGetDCObject
Status: Not hooked

#: 170 Function Name: NtGdiGetDCPoint
Status: Not hooked

#: 171 Function Name: NtGdiGetDeviceCaps
Status: Not hooked

#: 172 Function Name: NtGdiGetDeviceGammaRamp
Status: Not hooked

#: 173 Function Name: NtGdiGetDeviceCapsAll
Status: Not hooked

#: 174 Function Name: NtGdiGetDIBitsInternal
Status: Not hooked

#: 175 Function Name: NtGdiGetETM
Status: Not hooked

#: 176 Function Name: NtGdiGetEudcTimeStampEx
Status: Not hooked

#: 177 Function Name: NtGdiGetFontData
Status: Not hooked

#: 178 Function Name: NtGdiGetFontResourceInfoInternalW
Status: Not hooked

#: 179 Function Name: NtGdiGetGlyphIndicesW
Status: Not hooked

#: 180 Function Name: NtGdiGetGlyphIndicesWInternal
Status: Not hooked

#: 181 Function Name: NtGdiGetGlyphOutline
Status: Not hooked

#: 182 Function Name: NtGdiGetKerningPairs
Status: Not hooked

#: 183 Function Name: NtGdiGetLinkedUFIs
Status: Not hooked

#: 184 Function Name: NtGdiGetMiterLimit
Status: Not hooked

#: 185 Function Name: NtGdiGetMonitorID
Status: Not hooked

#: 186 Function Name: NtGdiGetNearestColor
Status: Not hooked

#: 187 Function Name: NtGdiGetNearestPaletteIndex
Status: Not hooked

#: 188 Function Name: NtGdiGetObjectBitmapHandle
Status: Not hooked

#: 189 Function Name: NtGdiGetOutlineTextMetricsInternalW
Status: Not hooked

#: 190 Function Name: NtGdiGetPath
Status: Not hooked

#: 191 Function Name: NtGdiGetPixel
Status: Not hooked

#: 192 Function Name: NtGdiGetRandomRgn
Status: Not hooked

#: 193 Function Name: NtGdiGetRasterizerCaps
Status: Not hooked

#: 194 Function Name: NtGdiGetRealizationInfo
Status: Not hooked

#: 195 Function Name: NtGdiGetRegionData
Status: Not hooked

#: 196 Function Name: NtGdiGetRgnBox
Status: Not hooked

#: 197 Function Name: NtGdiGetServerMetaFileBits
Status: Not hooked

#: 198 Function Name: NtGdiGetSpoolMessage
Status: Not hooked

#: 199 Function Name: NtGdiGetStats
Status: Not hooked

#: 200 Function Name: NtGdiGetStockObject
Status: Not hooked

#: 201 Function Name: NtGdiGetStringBitmapW
Status: Not hooked

#: 202 Function Name: NtGdiGetSystemPaletteUse
Status: Not hooked

#: 203 Function Name: NtGdiGetTextCharsetInfo
Status: Not hooked

#: 204 Function Name: NtGdiGetTextExtent
Status: Not hooked

#: 205 Function Name: NtGdiGetTextExtentExW
Status: Not hooked

#: 206 Function Name: NtGdiGetTextFaceW
Status: Not hooked

#: 207 Function Name: NtGdiGetTextMetricsW
Status: Not hooked

#: 208 Function Name: NtGdiGetTransform
Status: Not hooked

#: 209 Function Name: NtGdiGetUFI
Status: Not hooked

#: 210 Function Name: NtGdiGetEmbUFI
Status: Not hooked

#: 211 Function Name: NtGdiGetUFIPathname
Status: Not hooked

#: 212 Function Name: NtGdiGetEmbedFonts
Status: Not hooked

#: 213 Function Name: NtGdiChangeGhostFont
Status: Not hooked

#: 214 Function Name: NtGdiAddEmbFontToDC
Status: Not hooked

#: 215 Function Name: NtGdiGetFontUnicodeRanges
Status: Not hooked

#: 216 Function Name: NtGdiGetWidthTable
Status: Not hooked

#: 217 Function Name: NtGdiGradientFill
Status: Not hooked

#: 218 Function Name: NtGdiHfontCreate
Status: Not hooked

#: 219 Function Name: NtGdiIcmBrushInfo
Status: Not hooked

#: 220 Function Name: NtGdiInit
Status: Not hooked

#: 221 Function Name: NtGdiInitSpool
Status: Not hooked

#: 222 Function Name: NtGdiIntersectClipRect
Status: Not hooked

#: 223 Function Name: NtGdiInvertRgn
Status: Not hooked

#: 224 Function Name: NtGdiLineTo
Status: Not hooked

#: 225 Function Name: NtGdiMakeFontDir
Status: Not hooked

#: 226 Function Name: NtGdiMakeInfoDC
Status: Not hooked

#: 227 Function Name: NtGdiMaskBlt
Status: Not hooked

#: 228 Function Name: NtGdiModifyWorldTransform
Status: Not hooked

#: 229 Function Name: NtGdiMonoBitmap
Status: Not hooked

#: 230 Function Name: NtGdiMoveTo
Status: Not hooked

#: 231 Function Name: NtGdiOffsetClipRgn
Status: Not hooked

#: 232 Function Name: NtGdiOffsetRgn
Status: Not hooked

#: 233 Function Name: NtGdiOpenDCW
Status: Not hooked

#: 234 Function Name: NtGdiPatBlt
Status: Not hooked

#: 235 Function Name: NtGdiPolyPatBlt
Status: Not hooked

#: 236 Function Name: NtGdiPathToRegion
Status: Not hooked

#: 237 Function Name: NtGdiPlgBlt
Status: Not hooked

#: 238 Function Name: NtGdiPolyDraw
Status: Not hooked

#: 239 Function Name: NtGdiPolyPolyDraw
Status: Not hooked

#: 240 Function Name: NtGdiPolyTextOutW
Status: Not hooked

#: 241 Function Name: NtGdiPtInRegion
Status: Not hooked

#: 242 Function Name: NtGdiPtVisible
Status: Not hooked

#: 243 Function Name: NtGdiQueryFonts
Status: Not hooked

#: 244 Function Name: NtGdiQueryFontAssocInfo
Status: Not hooked

#: 245 Function Name: NtGdiRectangle
Status: Not hooked

#: 246 Function Name: NtGdiRectInRegion
Status: Not hooked

#: 247 Function Name: NtGdiRectVisible
Status: Not hooked

#: 248 Function Name: NtGdiRemoveFontResourceW
Status: Not hooked

#: 249 Function Name: NtGdiRemoveFontMemResourceEx
Status: Not hooked

#: 250 Function Name: NtGdiResetDC
Status: Not hooked

#: 251 Function Name: NtGdiResizePalette
Status: Not hooked

#: 252 Function Name: NtGdiRestoreDC
Status: Not hooked

#: 253 Function Name: NtGdiRoundRect
Status: Not hooked

#: 254 Function Name: NtGdiSaveDC
Status: Not hooked

#: 255 Function Name: NtGdiScaleViewportExtEx
Status: Not hooked

#: 256 Function Name: NtGdiScaleWindowExtEx
Status: Not hooked

#: 257 Function Name: NtGdiSelectBitmap
Status: Not hooked

#: 258 Function Name: NtGdiSelectBrush
Status: Not hooked

#: 259 Function Name: NtGdiSelectClipPath
Status: Not hooked

#: 260 Function Name: NtGdiSelectFont
Status: Not hooked

#: 261 Function Name: NtGdiSelectPen
Status: Not hooked

#: 262 Function Name: NtGdiSetBitmapAttributes
Status: Not hooked

#: 263 Function Name: NtGdiSetBitmapBits
Status: Not hooked

#: 264 Function Name: NtGdiSetBitmapDimension
Status: Not hooked

#: 265 Function Name: NtGdiSetBoundsRect
Status: Not hooked

#: 266 Function Name: NtGdiSetBrushAttributes
Status: Not hooked

#: 267 Function Name: NtGdiSetBrushOrg
Status: Not hooked

#: 268 Function Name: NtGdiSetColorAdjustment
Status: Not hooked

#: 269 Function Name: NtGdiSetColorSpace
Status: Not hooked

#: 270 Function Name: NtGdiSetDeviceGammaRamp
Status: Not hooked

#: 271 Function Name: NtGdiSetDIBitsToDeviceInternal
Status: Not hooked

#: 272 Function Name: NtGdiSetFontEnumeration
Status: Not hooked

#: 273 Function Name: NtGdiSetFontXform
Status: Not hooked

#: 274 Function Name: NtGdiSetIcmMode
Status: Not hooked

#: 275 Function Name: NtGdiSetLinkedUFIs
Status: Not hooked

#: 276 Function Name: NtGdiSetMagicColors
Status: Not hooked

#: 277 Function Name: NtGdiSetMetaRgn
Status: Not hooked

#: 278 Function Name: NtGdiSetMiterLimit
Status: Not hooked

#: 279 Function Name: NtGdiGetDeviceWidth
Status: Not hooked

#: 280 Function Name: NtGdiMirrorWindowOrg
Status: Not hooked

#: 281 Function Name: NtGdiSetLayout
Status: Not hooked

#: 282 Function Name: NtGdiSetPixel
Status: Not hooked

#: 283 Function Name: NtGdiSetPixelFormat
Status: Not hooked

#: 284 Function Name: NtGdiSetRectRgn
Status: Not hooked

#: 285 Function Name: NtGdiSetSystemPaletteUse
Status: Not hooked

#: 286 Function Name: NtGdiSetTextJustification
Status: Not hooked

#: 287 Function Name: NtGdiSetupPublicCFONT
Status: Not hooked

#: 288 Function Name: NtGdiSetVirtualResolution
Status: Not hooked

#: 289 Function Name: NtGdiSetSizeDevice
Status: Not hooked

#: 290 Function Name: NtGdiStartDoc
Status: Not hooked

#: 291 Function Name: NtGdiStartPage
Status: Not hooked

#: 292 Function Name: NtGdiStretchBlt
Status: Not hooked

#: 293 Function Name: NtGdiStretchDIBitsInternal
Status: Not hooked

#: 294 Function Name: NtGdiStrokeAndFillPath
Status: Not hooked

#: 295 Function Name: NtGdiStrokePath
Status: Not hooked

#: 296 Function Name: NtGdiSwapBuffers
Status: Not hooked

#: 297 Function Name: NtGdiTransformPoints
Status: Not hooked

#: 298 Function Name: NtGdiTransparentBlt
Status: Not hooked

#: 299 Function Name: NtGdiUnloadPrinterDriver
Status: Not hooked

#: 300 Function Name: NtGdiUnmapMemFont
Status: Not hooked

#: 301 Function Name: NtGdiUnrealizeObject
Status: Not hooked

#: 302 Function Name: NtGdiUpdateColors
Status: Not hooked

#: 303 Function Name: NtGdiWidenPath
Status: Not hooked

#: 304 Function Name: NtUserActivateKeyboardLayout
Status: Not hooked

#: 305 Function Name: NtUserAlterWindowStyle
Status: Not hooked

#: 306 Function Name: NtUserAssociateInputContext
Status: Not hooked

#: 307 Function Name: NtUserAttachThreadInput
Status: Not hooked

#: 308 Function Name: NtUserBeginPaint
Status: Not hooked

#: 309 Function Name: NtUserBitBltSysBmp
Status: Not hooked

#: 310 Function Name: NtUserBlockInput
Status: Not hooked

#: 311 Function Name: NtUserBuildHimcList
Status: Not hooked

#: 312 Function Name: NtUserBuildHwndList
Status: Not hooked

#: 313 Function Name: NtUserBuildNameList
Status: Not hooked

#: 314 Function Name: NtUserBuildPropList
Status: Not hooked

#: 315 Function Name: NtUserCallHwnd
Status: Not hooked

#: 316 Function Name: NtUserCallHwndLock
Status: Not hooked

#: 317 Function Name: NtUserCallHwndOpt
Status: Not hooked

#: 318 Function Name: NtUserCallHwndParam
Status: Not hooked

#: 319 Function Name: NtUserCallHwndParamLock
Status: Not hooked

#: 320 Function Name: NtUserCallMsgFilter
Status: Not hooked

#: 321 Function Name: NtUserCallNextHookEx
Status: Not hooked

#: 322 Function Name: NtUserCallNoParam
Status: Not hooked

#: 323 Function Name: NtUserCallOneParam
Status: Not hooked

#: 324 Function Name: NtUserCallTwoParam
Status: Not hooked

#: 325 Function Name: NtUserChangeClipboardChain
Status: Not hooked

#: 326 Function Name: NtUserChangeDisplaySettings
Status: Not hooked

#: 327 Function Name: NtUserCheckImeHotKey
Status: Not hooked

#: 328 Function Name: NtUserCheckMenuItem
Status: Not hooked

#: 329 Function Name: NtUserChildWindowFromPointEx
Status: Not hooked

#: 330 Function Name: NtUserClipCursor
Status: Not hooked

#: 331 Function Name: NtUserCloseClipboard
Status: Not hooked

#: 332 Function Name: NtUserCloseDesktop
Status: Not hooked

#: 333 Function Name: NtUserCloseWindowStation
Status: Not hooked

#: 334 Function Name: NtUserConsoleControl
Status: Not hooked

#: 335 Function Name: NtUserConvertMemHandle
Status: Not hooked

#: 336 Function Name: NtUserCopyAcceleratorTable
Status: Not hooked

#: 337 Function Name: NtUserCountClipboardFormats
Status: Not hooked

#: 338 Function Name: NtUserCreateAcceleratorTable
Status: Not hooked

#: 339 Function Name: NtUserCreateCaret
Status: Not hooked

#: 340 Function Name: NtUserCreateDesktop
Status: Not hooked

#: 341 Function Name: NtUserCreateInputContext
Status: Not hooked

#: 342 Function Name: NtUserCreateLocalMemHandle
Status: Not hooked

#: 343 Function Name: NtUserCreateWindowEx
Status: Not hooked

#: 344 Function Name: NtUserCreateWindowStation
Status: Not hooked

#: 345 Function Name: NtUserDdeGetQualityOfService
Status: Not hooked

#: 346 Function Name: NtUserDdeInitialize
Status: Not hooked

#: 347 Function Name: NtUserDdeSetQualityOfService
Status: Not hooked

#: 348 Function Name: NtUserDeferWindowPos
Status: Not hooked

#: 349 Function Name: NtUserDefSetText
Status: Not hooked

#: 350 Function Name: NtUserDeleteMenu
Status: Not hooked

#: 351 Function Name: NtUserDestroyAcceleratorTable
Status: Not hooked

#: 352 Function Name: NtUserDestroyCursor
Status: Not hooked

#: 353 Function Name: NtUserDestroyInputContext
Status: Not hooked

#: 354 Function Name: NtUserDestroyMenu
Status: Not hooked

#: 355 Function Name: NtUserDestroyWindow
Status: Not hooked

#: 356 Function Name: NtUserDisableThreadIme
Status: Not hooked

#: 357 Function Name: NtUserDispatchMessage
Status: Not hooked

#: 358 Function Name: NtUserDragDetect
Status: Not hooked

#: 359 Function Name: NtUserDragObject
Status: Not hooked

#: 360 Function Name: NtUserDrawAnimatedRects
Status: Not hooked

#: 361 Function Name: NtUserDrawCaption
Status: Not hooked

#: 362 Function Name: NtUserDrawCaptionTemp
Status: Not hooked

#: 363 Function Name: NtUserDrawIconEx
Status: Not hooked

#: 364 Function Name: NtUserDrawMenuBarTemp
Status: Not hooked

#: 365 Function Name: NtUserEmptyClipboard
Status: Not hooked

#: 366 Function Name: NtUserEnableMenuItem
Status: Not hooked

#: 367 Function Name: NtUserEnableScrollBar
Status: Not hooked

#: 368 Function Name: NtUserEndDeferWindowPosEx
Status: Not hooked

#: 369 Function Name: NtUserEndMenu
Status: Not hooked

#: 370 Function Name: NtUserEndPaint
Status: Not hooked

#: 371 Function Name: NtUserEnumDisplayDevices
Status: Not hooked

#: 372 Function Name: NtUserEnumDisplayMonitors
Status: Not hooked

#: 373 Function Name: NtUserEnumDisplaySettings
Status: Not hooked

#: 374 Function Name: NtUserEvent
Status: Not hooked

#: 375 Function Name: NtUserExcludeUpdateRgn
Status: Not hooked

#: 376 Function Name: NtUserFillWindow
Status: Not hooked

#: 377 Function Name: NtUserFindExistingCursorIcon
Status: Not hooked

#: 378 Function Name: NtUserFindWindowEx
Status: Not hooked

#: 379 Function Name: NtUserFlashWindowEx
Status: Not hooked

#: 380 Function Name: NtUserGetAltTabInfo
Status: Not hooked

#: 381 Function Name: NtUserGetAncestor
Status: Not hooked

#: 382 Function Name: NtUserGetAppImeLevel
Status: Not hooked

#: 383 Function Name: NtUserGetAsyncKeyState
Status: Not hooked

#: 384 Function Name: NtUserGetAtomName
Status: Not hooked

#: 385 Function Name: NtUserGetCaretBlinkTime
Status: Not hooked

#: 386 Function Name: NtUserGetCaretPos
Status: Not hooked

#: 387 Function Name: NtUserGetClassInfo
Status: Not hooked

#: 388 Function Name: NtUserGetClassName
Status: Not hooked

#: 389 Function Name: NtUserGetClipboardData
Status: Not hooked

#: 390 Function Name: NtUserGetClipboardFormatName
Status: Not hooked

#: 391 Function Name: NtUserGetClipboardOwner
Status: Not hooked

#: 392 Function Name: NtUserGetClipboardSequenceNumber
Status: Not hooked

#: 393 Function Name: NtUserGetClipboardViewer
Status: Not hooked

#: 394 Function Name: NtUserGetClipCursor
Status: Not hooked

#: 395 Function Name: NtUserGetComboBoxInfo
Status: Not hooked

#: 396 Function Name: NtUserGetControlBrush
Status: Not hooked

#: 397 Function Name: NtUserGetControlColor
Status: Not hooked

#: 398 Function Name: NtUserGetCPD
Status: Not hooked

#: 399 Function Name: NtUserGetCursorFrameInfo
Status: Not hooked

#: 400 Function Name: NtUserGetCursorInfo
Status: Not hooked

#: 401 Function Name: NtUserGetDC
Status: Not hooked

#: 402 Function Name: NtUserGetDCEx
Status: Not hooked

#: 403 Function Name: NtUserGetDoubleClickTime
Status: Not hooked

#: 404 Function Name: NtUserGetForegroundWindow
Status: Not hooked

#: 405 Function Name: NtUserGetGuiResources
Status: Not hooked

#: 406 Function Name: NtUserGetGUIThreadInfo
Status: Not hooked

#: 407 Function Name: NtUserGetIconInfo
Status: Not hooked

#: 408 Function Name: NtUserGetIconSize
Status: Not hooked

#: 409 Function Name: NtUserGetImeHotKey
Status: Not hooked

#: 410 Function Name: NtUserGetImeInfoEx
Status: Not hooked

#: 411 Function Name: NtUserGetInternalWindowPos
Status: Not hooked

#: 412 Function Name: NtUserGetKeyboardLayoutList
Status: Not hooked

#: 413 Function Name: NtUserGetKeyboardLayoutName
Status: Not hooked

#: 414 Function Name: NtUserGetKeyboardState
Status: Not hooked

#: 415 Function Name: NtUserGetKeyNameText
Status: Not hooked

#: 416 Function Name: NtUserGetKeyState
Status: Not hooked

#: 417 Function Name: NtUserGetListBoxInfo
Status: Not hooked

#: 418 Function Name: NtUserGetMenuBarInfo
Status: Not hooked

#: 419 Function Name: NtUserGetMenuIndex
Status: Not hooked

#: 420 Function Name: NtUserGetMenuItemRect
Status: Not hooked

#: 421 Function Name: NtUserGetMessage
Status: Not hooked

#: 422 Function Name: NtUserGetMouseMovePointsEx
Status: Not hooked

#: 423 Function Name: NtUserGetObjectInformation
Status: Not hooked

#: 424 Function Name: NtUserGetOpenClipboardWindow
Status: Not hooked

#: 425 Function Name: NtUserGetPriorityClipboardFormat
Status: Not hooked

#: 426 Function Name: NtUserGetProcessWindowStation
Status: Not hooked

#: 427 Function Name: NtUserGetRawInputBuffer
Status: Not hooked

#: 428 Function Name: NtUserGetRawInputData
Status: Not hooked

#: 429 Function Name: NtUserGetRawInputDeviceInfo
Status: Not hooked

#: 430 Function Name: NtUserGetRawInputDeviceList
Status: Not hooked

#: 431 Function Name: NtUserGetRegisteredRawInputDevices
Status: Not hooked

#: 432 Function Name: NtUserGetScrollBarInfo
Status: Not hooked

#: 433 Function Name: NtUserGetSystemMenu
Status: Not hooked

#: 434 Function Name: NtUserGetThreadDesktop
Status: Not hooked

#: 435 Function Name: NtUserGetThreadState
Status: Not hooked

#: 436 Function Name: NtUserGetTitleBarInfo
Status: Not hooked

#: 437 Function Name: NtUserGetUpdateRect
Status: Not hooked

#: 438 Function Name: NtUserGetUpdateRgn
Status: Not hooked

#: 439 Function Name: NtUserGetWindowDC
Status: Not hooked

#: 440 Function Name: NtUserGetWindowPlacement
Status: Not hooked

#: 441 Function Name: NtUserGetWOWClass
Status: Not hooked

#: 442 Function Name: NtUserHardErrorControl
Status: Not hooked

#: 443 Function Name: NtUserHideCaret
Status: Not hooked

#: 444 Function Name: NtUserHiliteMenuItem
Status: Not hooked

#: 445 Function Name: NtUserImpersonateDdeClientWindow
Status: Not hooked

#: 446 Function Name: NtUserInitialize
Status: Not hooked

#: 447 Function Name: NtUserInitializeClientPfnArrays
Status: Not hooked

#: 448 Function Name: NtUserInitTask
Status: Not hooked

#: 449 Function Name: NtUserInternalGetWindowText
Status: Not hooked

#: 450 Function Name: NtUserInvalidateRect
Status: Not hooked

#: 451 Function Name: NtUserInvalidateRgn
Status: Not hooked

#: 452 Function Name: NtUserIsClipboardFormatAvailable
Status: Not hooked

#: 453 Function Name: NtUserKillTimer
Status: Not hooked

#: 454 Function Name: NtUserLoadKeyboardLayoutEx
Status: Not hooked

#: 455 Function Name: NtUserLockWindowStation
Status: Not hooked

#: 456 Function Name: NtUserLockWindowUpdate
Status: Not hooked

#: 457 Function Name: NtUserLockWorkStation
Status: Not hooked

#: 458 Function Name: NtUserMapVirtualKeyEx
Status: Not hooked

#: 459 Function Name: NtUserMenuItemFromPoint
Status: Not hooked

#: 460 Function Name: NtUserMessageCall
Status: Not hooked

#: 461 Function Name: NtUserMinMaximize
Status: Not hooked

#: 462 Function Name: NtUserMNDragLeave
Status: Not hooked

#: 463 Function Name: NtUserMNDragOver
Status: Not hooked

#: 464 Function Name: NtUserModifyUserStartupInfoFlags
Status: Not hooked

#: 465 Function Name: NtUserMoveWindow
Status: Not hooked

#: 466 Function Name: NtUserNotifyIMEStatus
Status: Not hooked

#: 467 Function Name: NtUserNotifyProcessCreate
Status: Not hooked

#: 468 Function Name: NtUserNotifyWinEvent
Status: Not hooked

#: 469 Function Name: NtUserOpenClipboard
Status: Not hooked

#: 470 Function Name: NtUserOpenDesktop
Status: Not hooked

#: 471 Function Name: NtUserOpenInputDesktop
Status: Not hooked

#: 472 Function Name: NtUserOpenWindowStation
Status: Not hooked

#: 473 Function Name: NtUserPaintDesktop
Status: Not hooked

#: 474 Function Name: NtUserPeekMessage
Status: Not hooked

#: 475 Function Name: NtUserPostMessage
Status: Not hooked

#: 476 Function Name: NtUserPostThreadMessage
Status: Not hooked

#: 477 Function Name: NtUserPrintWindow
Status: Not hooked

#: 478 Function Name: NtUserProcessConnect
Status: Not hooked

#: 479 Function Name: NtUserQueryInformationThread
Status: Not hooked

#: 480 Function Name: NtUserQueryInputContext
Status: Not hooked

#: 481 Function Name: NtUserQuerySendMessage
Status: Not hooked

#: 482 Function Name: NtUserQueryUserCounters
Status: Not hooked

#: 483 Function Name: NtUserQueryWindow
Status: Not hooked

#: 484 Function Name: NtUserRealChildWindowFromPoint
Status: Not hooked

#: 485 Function Name: NtUserRealInternalGetMessage
Status: Not hooked

#: 486 Function Name: NtUserRealWaitMessageEx
Status: Not hooked

#: 487 Function Name: NtUserRedrawWindow
Status: Not hooked

#: 488 Function Name: NtUserRegisterClassExWOW
Status: Not hooked

#: 489 Function Name: NtUserRegisterUserApiHook
Status: Not hooked

#: 490 Function Name: NtUserRegisterHotKey
Status: Not hooked

#: 491 Function Name: NtUserRegisterRawInputDevices
Status: Not hooked

#: 492 Function Name: NtUserRegisterTasklist
Status: Not hooked

#: 493 Function Name: NtUserRegisterWindowMessage
Status: Not hooked

#: 494 Function Name: NtUserRemoveMenu
Status: Not hooked

#: 495 Function Name: NtUserRemoveProp
Status: Not hooked

#: 496 Function Name: NtUserResolveDesktop
Status: Not hooked

#: 497 Function Name: NtUserResolveDesktopForWOW
Status: Not hooked

#: 498 Function Name: NtUserSBGetParms
Status: Not hooked

#: 499 Function Name: NtUserScrollDC
Status: Not hooked

#: 500 Function Name: NtUserScrollWindowEx
Status: Not hooked

#: 501 Function Name: NtUserSelectPalette
Status: Not hooked

#: 502 Function Name: NtUserSendInput
Status: Not hooked

#: 503 Function Name: NtUserSetActiveWindow
Status: Not hooked

#: 504 Function Name: NtUserSetAppImeLevel
Status: Not hooked

#: 505 Function Name: NtUserSetCapture
Status: Not hooked

#: 506 Function Name: NtUserSetClassLong
Status: Not hooked

#: 507 Function Name: NtUserSetClassWord
Status: Not hooked

#: 508 Function Name: NtUserSetClipboardData
Status: Not hooked

#: 509 Function Name: NtUserSetClipboardViewer
Status: Not hooked

#: 510 Function Name: NtUserSetConsoleReserveKeys
Status: Not hooked

#: 511 Function Name: NtUserSetCursor
Status: Not hooked

#: 512 Function Name: NtUserSetCursorContents
Status: Not hooked

#: 513 Function Name: NtUserSetCursorIconData
Status: Not hooked

#: 514 Function Name: NtUserSetDbgTag
Status: Not hooked

#: 515 Function Name: NtUserSetFocus
Status: Not hooked

#: 516 Function Name: NtUserSetImeHotKey
Status: Not hooked

#: 517 Function Name: NtUserSetImeInfoEx
Status: Not hooked

#: 518 Function Name: NtUserSetImeOwnerWindow
Status: Not hooked

#: 519 Function Name: NtUserSetInformationProcess
Status: Not hooked

#: 520 Function Name: NtUserSetInformationThread
Status: Not hooked

#: 521 Function Name: NtUserSetInternalWindowPos
Status: Not hooked

#: 522 Function Name: NtUserSetKeyboardState
Status: Not hooked

#: 523 Function Name: NtUserSetLogonNotifyWindow
Status: Not hooked

#: 524 Function Name: NtUserSetMenu
Status: Not hooked

#: 525 Function Name: NtUserSetMenuContextHelpId
Status: Not hooked

#: 526 Function Name: NtUserSetMenuDefaultItem
Status: Not hooked

#: 527 Function Name: NtUserSetMenuFlagRtoL
Status: Not hooked

#: 528 Function Name: NtUserSetObjectInformation
Status: Not hooked

#: 529 Function Name: NtUserSetParent
Status: Not hooked

#: 530 Function Name: NtUserSetProcessWindowStation
Status: Not hooked

#: 531 Function Name: NtUserSetProp
Status: Not hooked

#: 532 Function Name: NtUserSetRipFlags
Status: Not hooked

#: 533 Function Name: NtUserSetScrollInfo
Status: Not hooked

#: 534 Function Name: NtUserSetShellWindowEx
Status: Not hooked

#: 535 Function Name: NtUserSetSysColors
Status: Not hooked

#: 536 Function Name: NtUserSetSystemCursor
Status: Not hooked

#: 537 Function Name: NtUserSetSystemMenu
Status: Not hooked

#: 538 Function Name: NtUserSetSystemTimer
Status: Not hooked

#: 539 Function Name: NtUserSetThreadDesktop
Status: Not hooked

#: 540 Function Name: NtUserSetThreadLayoutHandles
Status: Not hooked

#: 541 Function Name: NtUserSetThreadState
Status: Not hooked

#: 542 Function Name: NtUserSetTimer
Status: Not hooked

#: 543 Function Name: NtUserSetWindowFNID
Status: Not hooked

#: 544 Function Name: NtUserSetWindowLong
Status: Not hooked

#: 545 Function Name: NtUserSetWindowPlacement
Status: Not hooked

#: 546 Function Name: NtUserSetWindowPos
Status: Not hooked

#: 547 Function Name: NtUserSetWindowRgn
Status: Not hooked

#: 548 Function Name: NtUserSetWindowsHookAW
Status: Not hooked

#: 549 Function Name: NtUserSetWindowsHookEx
Status: Not hooked

#: 550 Function Name: NtUserSetWindowStationUser
Status: Not hooked

#: 551 Function Name: NtUserSetWindowWord
Status: Not hooked

#: 552 Function Name: NtUserSetWinEventHook
Status: Not hooked

#: 553 Function Name: NtUserShowCaret
Status: Not hooked

#: 554 Function Name: NtUserShowScrollBar
Status: Not hooked

#: 555 Function Name: NtUserShowWindow
Status: Not hooked

#: 556 Function Name: NtUserShowWindowAsync
Status: Not hooked

#: 557 Function Name: NtUserSoundSentry
Status: Not hooked

#: 558 Function Name: NtUserSwitchDesktop
Status: Not hooked

#: 559 Function Name: NtUserSystemParametersInfo
Status: Not hooked

#: 560 Function Name: NtUserTestForInteractiveUser
Status: Not hooked

#: 561 Function Name: NtUserThunkedMenuInfo
Status: Not hooked

#: 562 Function Name: NtUserThunkedMenuItemInfo
Status: Not hooked

#: 563 Function Name: NtUserToUnicodeEx
Status: Not hooked

#: 564 Function Name: NtUserTrackMouseEvent
Status: Not hooked

#: 565 Function Name: NtUserTrackPopupMenuEx
Status: Not hooked

#: 566 Function Name: NtUserCalcMenuBar
Status: Not hooked

#: 567 Function Name: NtUserPaintMenuBar
Status: Not hooked

#: 568 Function Name: NtUserTranslateAccelerator
Status: Not hooked

#: 569 Function Name: NtUserTranslateMessage
Status: Not hooked

#: 570 Function Name: NtUserUnhookWindowsHookEx
Status: Not hooked

#: 571 Function Name: NtUserUnhookWinEvent
Status: Not hooked

#: 572 Function Name: NtUserUnloadKeyboardLayout
Status: Not hooked

#: 573 Function Name: NtUserUnlockWindowStation
Status: Not hooked

#: 574 Function Name: NtUserUnregisterClass
Status: Not hooked

#: 575 Function Name: NtUserUnregisterUserApiHook
Status: Not hooked

#: 576 Function Name: NtUserUnregisterHotKey
Status: Not hooked

#: 577 Function Name: NtUserUpdateInputContext
Status: Not hooked

#: 578 Function Name: NtUserUpdateInstance
Status: Not hooked

#: 579 Function Name: NtUserUpdateLayeredWindow
Status: Not hooked

#: 580 Function Name: NtUserGetLayeredWindowAttributes
Status: Not hooked

#: 581 Function Name: NtUserSetLayeredWindowAttributes
Status: Not hooked

#: 582 Function Name: NtUserUpdatePerUserSystemParameters
Status: Not hooked

#: 583 Function Name: NtUserUserHandleGrantAccess
Status: Not hooked

#: 584 Function Name: NtUserValidateHandleSecure
Status: Not hooked

#: 585 Function Name: NtUserValidateRect
Status: Not hooked

#: 586 Function Name: NtUserValidateTimerCallback
Status: Not hooked

#: 587 Function Name: NtUserVkKeyScanEx
Status: Not hooked

#: 588 Function Name: NtUserWaitForInputIdle
Status: Not hooked

#: 589 Function Name: NtUserWaitForMsgAndEvent
Status: Not hooked

#: 590 Function Name: NtUserWaitMessage
Status: Not hooked

#: 591 Function Name: NtUserWin32PoolAllocationStats
Status: Not hooked

#: 592 Function Name: NtUserWindowFromPoint
Status: Not hooked

#: 593 Function Name: NtUserYieldTask
Status: Not hooked

#: 594 Function Name: NtUserRemoteConnect
Status: Not hooked

#: 595 Function Name: NtUserRemoteRedrawRectangle
Status: Not hooked

#: 596 Function Name: NtUserRemoteRedrawScreen
Status: Not hooked

#: 597 Function Name: NtUserRemoteStopScreenUpdates
Status: Not hooked

#: 598 Function Name: NtUserCtxDisplayIOCtl
Status: Not hooked

#: 599 Function Name: NtGdiEngAssociateSurface
Status: Not hooked

#: 600 Function Name: NtGdiEngCreateBitmap
Status: Not hooked

#: 601 Function Name: NtGdiEngCreateDeviceSurface
Status: Not hooked

#: 602 Function Name: NtGdiEngCreateDeviceBitmap
Status: Not hooked

#: 603 Function Name: NtGdiEngCreatePalette
Status: Not hooked

#: 604 Function Name: NtGdiEngComputeGlyphSet
Status: Not hooked

#: 605 Function Name: NtGdiEngCopyBits
Status: Not hooked

#: 606 Function Name: NtGdiEngDeletePalette
Status: Not hooked

#: 607 Function Name: NtGdiEngDeleteSurface
Status: Not hooked

#: 608 Function Name: NtGdiEngEraseSurface
Status: Not hooked

#: 609 Function Name: NtGdiEngUnlockSurface
Status: Not hooked

#: 610 Function Name: NtGdiEngLockSurface
Status: Not hooked

#: 611 Function Name: NtGdiEngBitBlt
Status: Not hooked

#: 612 Function Name: NtGdiEngStretchBlt
Status: Not hooked

#: 613 Function Name: NtGdiEngPlgBlt
Status: Not hooked

#: 614 Function Name: NtGdiEngMarkBandingSurface
Status: Not hooked

#: 615 Function Name: NtGdiEngStrokePath
Status: Not hooked

#: 616 Function Name: NtGdiEngFillPath
Status: Not hooked

#: 617 Function Name: NtGdiEngStrokeAndFillPath
Status: Not hooked

#: 618 Function Name: NtGdiEngPaint
Status: Not hooked

#: 619 Function Name: NtGdiEngLineTo
Status: Not hooked

#: 620 Function Name: NtGdiEngAlphaBlend
Status: Not hooked

#: 621 Function Name: NtGdiEngGradientFill
Status: Not hooked

#: 622 Function Name: NtGdiEngTransparentBlt
Status: Not hooked

#: 623 Function Name: NtGdiEngTextOut
Status: Not hooked

#: 624 Function Name: NtGdiEngStretchBltROP
Status: Not hooked

#: 625 Function Name: NtGdiXLATEOBJ_cGetPalette
Status: Not hooked

#: 626 Function Name: NtGdiXLATEOBJ_iXlate
Status: Not hooked

#: 627 Function Name: NtGdiXLATEOBJ_hGetColorTransform
Status: Not hooked

#: 628 Function Name: NtGdiCLIPOBJ_bEnum
Status: Not hooked

#: 629 Function Name: NtGdiCLIPOBJ_cEnumStart
Status: Not hooked

#: 630 Function Name: NtGdiCLIPOBJ_ppoGetPath
Status: Not hooked

#: 631 Function Name: NtGdiEngDeletePath
Status: Not hooked

#: 632 Function Name: NtGdiEngCreateClip
Status: Not hooked

#: 633 Function Name: NtGdiEngDeleteClip
Status: Not hooked

#: 634 Function Name: NtGdiBRUSHOBJ_ulGetBrushColor
Status: Not hooked

#: 635 Function Name: NtGdiBRUSHOBJ_pvAllocRbrush
Status: Not hooked

#: 636 Function Name: NtGdiBRUSHOBJ_pvGetRbrush
Status: Not hooked

#: 637 Function Name: NtGdiBRUSHOBJ_hGetColorTransform
Status: Not hooked

#: 638 Function Name: NtGdiXFORMOBJ_bApplyXform
Status: Not hooked

#: 639 Function Name: NtGdiXFORMOBJ_iGetXform
Status: Not hooked

#: 640 Function Name: NtGdiFONTOBJ_vGetInfo
Status: Not hooked

#: 641 Function Name: NtGdiFONTOBJ_pxoGetXform
Status: Not hooked

#: 642 Function Name: NtGdiFONTOBJ_cGetGlyphs
Status: Not hooked

#: 643 Function Name: NtGdiFONTOBJ_pifi
Status: Not hooked

#: 644 Function Name: NtGdiFONTOBJ_pfdg
Status: Not hooked

#: 645 Function Name: NtGdiFONTOBJ_pQueryGlyphAttrs
Status: Not hooked

#: 646 Function Name: NtGdiFONTOBJ_pvTrueTypeFontFile
Status: Not hooked

#: 647 Function Name: NtGdiFONTOBJ_cGetAllGlyphHandles
Status: Not hooked

#: 648 Function Name: NtGdiSTROBJ_bEnum
Status: Not hooked

#: 649 Function Name: NtGdiSTROBJ_bEnumPositionsOnly
Status: Not hooked

#: 650 Function Name: NtGdiSTROBJ_bGetAdvanceWidths
Status: Not hooked

#: 651 Function Name: NtGdiSTROBJ_vEnumStart
Status: Not hooked

#: 652 Function Name: NtGdiSTROBJ_dwGetCodePage
Status: Not hooked

#: 653 Function Name: NtGdiPATHOBJ_vGetBounds
Status: Not hooked

#: 654 Function Name: NtGdiPATHOBJ_bEnum
Status: Not hooked

#: 655 Function Name: NtGdiPATHOBJ_vEnumStart
Status: Not hooked

#: 656 Function Name: NtGdiPATHOBJ_vEnumStartClipLines
Status: Not hooked

#: 657 Function Name: NtGdiPATHOBJ_bEnumClipLines
Status: Not hooked

#: 658 Function Name: NtGdiGetDhpdev
Status: Not hooked

#: 659 Function Name: NtGdiEngCheckAbort
Status: Not hooked

#: 660 Function Name: NtGdiHT_Get8BPPFormatPalette
Status: Not hooked

#: 661 Function Name: NtGdiHT_Get8BPPMaskPalette
Status: Not hooked

#: 662 Function Name: NtGdiUpdateTransform
Status: Not hooked

#: 663 Function Name: NtGdiSetPUMPDOBJ
Status: Not hooked

#: 664 Function Name: NtGdiBRUSHOBJ_DeleteRbrush
Status: Not hooked

#: 665 Function Name: NtGdiUnmapMemFont
Status: Not hooked

#: 666 Function Name: NtGdiDrawStream
Status: Not hooked

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: I'm sending spam

#14 Post by motji »

:o I really don't see anything anywhere; are you sure it is your PC that is sending the spam? Don't you perhaps have another one connected to the network?
Do not use COMBOFIX without an adviser's recommendation; it can damage the system!
Always back up important data before disinfecting the computer :!:

I am mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.

karel76
Visitor
Posts: 8
Registered: 14 Jan 2010 08:57

Re: I'm sending spam

#15 Post by karel76 »

Everything is fine. The ISP only confirmed it to me today.

:worship: Thank you :worship: thank you :worship: thank you :worship:

Take care

Karel
