PC virus removal, computer speed-up, remote help via the neslape.cz service

attempt at identity theft

Are you one of the Exemplary Visitors? Then this section is for you.

Moderator: Moderators

Forum rules
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
jaGmann
Exemplary Visitor
Posts: 148
Registered: 28 Feb 2007 12:28
Location: behind a beech tree

attempt at identity theft

#1 Post by jaGmann »

Greetings to the experts, and I'd like to ask for help.
An English-language warning from Live PC Care has started appearing on the PC, about an attempt to steal my identity, prompting me to scan the PC, or listing spyware that I have on the PC and must remove.
It is definitely not a message from NOD, which incidentally is not running.
Can you help me?
When I start the HJT scan it shows a warning that access to the hosts file is denied, but it does the scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:27:42, on 1.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Documents and Settings\All Users\Data aplikací\578c79f\LP578c.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Uživatel\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 84.19.171.6 google.ae
O1 - Hosts: 84.19.171.6 google.as
O1 - Hosts: 84.19.171.6 google.at
O1 - Hosts: 84.19.171.6 google.az
O1 - Hosts: 84.19.171.6 google.ba
O1 - Hosts: 84.19.171.6 google.be
O1 - Hosts: 84.19.171.6 google.bg
O1 - Hosts: 84.19.171.6 google.bs
O1 - Hosts: 84.19.171.6 google.ca
O1 - Hosts: 84.19.171.6 google.cd
O1 - Hosts: 84.19.171.6 google.com.gh
O1 - Hosts: 84.19.171.6 google.com.hk
O1 - Hosts: 84.19.171.6 google.com.jm
O1 - Hosts: 84.19.171.6 google.com.mx
O1 - Hosts: 84.19.171.6 google.com.my
O1 - Hosts: 84.19.171.6 google.com.na
O1 - Hosts: 84.19.171.6 google.com.nf
O1 - Hosts: 84.19.171.6 google.com.ng
O1 - Hosts: 84.19.171.6 google.ch
O1 - Hosts: 84.19.171.6 google.com.np
O1 - Hosts: 84.19.171.6 google.com.pr
O1 - Hosts: 84.19.171.6 google.com.qa
O1 - Hosts: 84.19.171.6 google.com.sg
O1 - Hosts: 84.19.171.6 google.com.tj
O1 - Hosts: 84.19.171.6 google.com.tw
O1 - Hosts: 84.19.171.6 google.dj
O1 - Hosts: 84.19.171.6 google.de
O1 - Hosts: 84.19.171.6 google.dk
O1 - Hosts: 84.19.171.6 google.dm
O1 - Hosts: 84.19.171.6 google.ee
O1 - Hosts: 84.19.171.6 google.fi
O1 - Hosts: 84.19.171.6 google.fm
O1 - Hosts: 84.19.171.6 google.fr
O1 - Hosts: 84.19.171.6 google.ge
O1 - Hosts: 84.19.171.6 google.gg
O1 - Hosts: 84.19.171.6 google.gm
O1 - Hosts: 84.19.171.6 google.gr
O1 - Hosts: 84.19.171.6 google.ht
O1 - Hosts: 84.19.171.6 google.ie
O1 - Hosts: 84.19.171.6 google.im
O1 - Hosts: 84.19.171.6 google.in
O1 - Hosts: 84.19.171.6 google.it
O1 - Hosts: 84.19.171.6 google.ki
O1 - Hosts: 84.19.171.6 google.la
O1 - Hosts: 84.19.171.6 google.li
O1 - Hosts: 84.19.171.6 google.lv
O1 - Hosts: 84.19.171.6 google.ma
O1 - Hosts: 84.19.171.6 google.ms
O1 - Hosts: 84.19.171.6 google.mu
O1 - Hosts: 84.19.171.6 google.mw
O1 - Hosts: 84.19.171.6 google.nl
O1 - Hosts: 84.19.171.6 google.no
O1 - Hosts: 84.19.171.6 google.nr
O1 - Hosts: 84.19.171.6 google.nu
O1 - Hosts: 84.19.171.6 google.pl
O1 - Hosts: 84.19.171.6 google.pn
O1 - Hosts: 84.19.171.6 google.pt
O1 - Hosts: 84.19.171.6 google.ro
O1 - Hosts: 84.19.171.6 google.ru
O1 - Hosts: 84.19.171.6 google.rw
O1 - Hosts: 84.19.171.6 google.sc
O1 - Hosts: 84.19.171.6 google.se
O1 - Hosts: 84.19.171.6 google.sh
O1 - Hosts: 84.19.171.6 google.si
O1 - Hosts: 84.19.171.6 google.sm
O1 - Hosts: 84.19.171.6 google.sn
O1 - Hosts: 84.19.171.6 google.st
O1 - Hosts: 84.19.171.6 google.tl
O1 - Hosts: 84.19.171.6 google.tm
O1 - Hosts: 84.19.171.6 google.tt
O1 - Hosts: 84.19.171.6 google.us
O1 - Hosts: 84.19.171.6 google.vu
O1 - Hosts: 84.19.171.6 google.ws
O1 - Hosts: 84.19.171.6 google.co.ck
O1 - Hosts: 84.19.171.6 google.co.id
O1 - Hosts: 84.19.171.6 google.co.il
O1 - Hosts: 84.19.171.6 google.co.in
O1 - Hosts: 84.19.171.6 google.co.jp
O1 - Hosts: 84.19.171.6 google.co.kr
O1 - Hosts: 84.19.171.6 google.co.ls
O1 - Hosts: 84.19.171.6 google.co.ma
O1 - Hosts: 84.19.171.6 google.co.nz
O1 - Hosts: 84.19.171.6 google.co.tz
O1 - Hosts: 84.19.171.6 google.co.ug
O1 - Hosts: 84.19.171.6 google.co.uk
O1 - Hosts: 84.19.171.6 google.co.za
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Live PC Care] "C:\Documents and Settings\All Users\Data aplikací\578c79f\LP578c.exe" /s /d
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7479197140
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65430A7B-06AE-4C68-95DE-2F706B1E4A01}: NameServer = 213.192.60.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{65430A7B-06AE-4C68-95DE-2F706B1E4A01}: NameServer = 213.192.60.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe

--
End of file - 10698 bytes


Thanks in advance!!!
Smile, it'll get worse! :)
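Added example, not part of jaGmann's post or of HijackThis: the O1 lines in the log above map dozens of google ccTLDs to 84.19.171.6, and a set of payment-related names together with safebrowsing-cache.google.com (Google Safe Browsing) and urs.microsoft.com (the reputation lookup behind IE's SmartScreen Filter) to 74.125.45.100. The Python script below parses such O1 lines, groups every non-loopback mapping by target address and flags the two reputation-service names. The SAMPLE_LOG (a few lines copied from the log above plus one benign localhost entry) and the REPUTATION_HOSTS set are this example's own constructions.

```python
"""Triage 'O1 - Hosts:' lines from a HijackThis log.

Added example for this thread, not part of the post or of HijackThis. It
groups every mapping that does not point at loopback/unspecified by target
address and flags the two names whose hijack disables browser reputation
lookups. REPUTATION_HOSTS is this example's own assumption.
"""
import re
from collections import defaultdict
from ipaddress import ip_address

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")

# Names whose redirection blinds Safe Browsing / SmartScreen lookups.
REPUTATION_HOSTS = {"safebrowsing-cache.google.com", "urs.microsoft.com"}

# Constructed sample: seven lines taken from the log posted above plus a
# benign localhost mapping, so the script runs offline.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 84.19.171.6 google.de
O1 - Hosts: 84.19.171.6 google.co.uk
O4 - HKLM\..\Run: [Live PC Care] "C:\Documents and Settings\All Users\Data aplikací\578c79f\LP578c.exe" /s /d
"""


def parse_o1(log_text):
    """Yield (ip_address, hostname) for every well-formed O1 line."""
    for line in log_text.splitlines():
        m = O1_RE.match(line.strip())
        if not m:
            continue
        try:
            yield ip_address(m.group(1)), m.group(2).lower()
        except ValueError:
            continue  # not an IP literal; skip rather than guess


def triage(log_text):
    """Return {'by_ip': {ip: [hosts]}, 'reputation_hijacks': [hosts]}.
    Loopback / 0.0.0.0 sinkholes are the legitimate use of hosts and are ignored."""
    by_ip = defaultdict(list)
    flagged = []
    for ip, host in parse_o1(log_text):
        if ip.is_loopback or ip.is_unspecified:
            continue
        by_ip[str(ip)].append(host)
        if host in REPUTATION_HOSTS:
            flagged.append(host)
    return {"by_ip": dict(by_ip), "reputation_hijacks": flagged}


def report(log_text):
    """Human-readable summary, one line per target address."""
    t = triage(log_text)
    lines = [f"{ip}: {len(hosts)} name(s), e.g. {', '.join(hosts[:3])}"
             for ip, hosts in sorted(t["by_ip"].items())]
    if t["reputation_hijacks"]:
        lines.append("reputation services hijacked: " + ", ".join(t["reputation_hijacks"]))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Run it over a full log with `triage(open("hijackthis.log").read())`. A single address collecting tens of names, or either reputation host appearing at all, is the pattern seen in this thread; a legitimate hosts file only ever points names at 127.0.0.1 or 0.0.0.0.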

pitimir
Exemplary Visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: attempt at identity theft

#2 Post by pitimir »

Hi.

1) Download HostsXpert. Unpack the program, run it and click "Restore MS Hosts File". Confirm the dialog and restart the PC.
If the program throws an error message (specifically "ERROR: Cannot create file..."), click "Make Writeable?" and then continue as instructed above.


2) Download RSIT. Run it and click "Continue". When it finishes, a text file should open. Copy it here.
If something goes wrong, you will also find it at "C:\rsit\log.txt".


3) Download GMER, unpack it to the desktop and run it. The program automatically starts a scan (when it finishes, paste log no. 1). If it finds something during the scan (= a warning pops up), click "NO" and configure the program according to the picture:
[image]
Click "Scan". After the scan click "Save" and paste log no. 2 here.

If it finds nothing (= nothing pops up), tick everything on the right and start the scan. When it finishes, click "Copy" and paste log no. 2.
I'm modest, I only have two things in my signature...

1) Want to help the forum? Support it_!!

2) I ask everyone who has a problem: :!:
- start your own topic and put an RSIT log and a precise, brief description of the problem in the first post.
- do not run ANY other program found on the forum/internet without a recommendation.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).
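For step 1 above, an added example rather than pitimir's instructions or HostsXpert's code: a Python script that does what "Restore MS Hosts File" followed by "Make Writeable?" does, with the attribute handling made explicit. The hijacked file carries the System and Hidden attributes (and usually Read-only), which is why a plain overwrite fails with "Cannot create file". The script assumes the stock hosts location under %SystemRoot% and an elevated prompt on the affected machine; demo_in_tempdir() runs the same logic on a constructed, read-only temporary file so it can be tried anywhere.

```python
"""Restore the stock Windows hosts file after a rogue-AV hijack.

Added example for this thread; not code from the post, HostsXpert or
Microsoft. Strips the Read-only/Hidden/System attributes, keeps a backup of
the hijacked file as evidence, writes the stock contents and reports which
mappings were removed. Assumes the default hosts path below and an elevated
prompt on Windows; on other systems it works on whatever path you pass.
"""
import os
import shutil
import stat
import tempfile
import time
from ipaddress import ip_address

DEFAULT_HOSTS_PATH = os.path.join(
    os.environ.get("SystemRoot", r"C:\WINDOWS"), "System32", "drivers", "etc", "hosts")

# Minimal stock hosts contents (Microsoft's header comment shortened).
MS_DEFAULT_HOSTS = (
    "# Copyright (c) 1993-1999 Microsoft Corp.\n"
    "# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.\n"
    "127.0.0.1       localhost\n"
)

FILE_ATTRIBUTE_NORMAL = 0x80  # Win32 constant: clears R/H/S in one call


def clear_attributes(path):
    """Make the file overwritable: SetFileAttributesW(NORMAL) on Windows,
    owner read/write permission bits elsewhere."""
    if os.name == "nt":
        import ctypes
        ok = ctypes.windll.kernel32.SetFileAttributesW(path, FILE_ATTRIBUTE_NORMAL)
        if not ok:
            raise ctypes.WinError()
    else:
        os.chmod(path, stat.S_IRUSR | stat.S_IWUSR)


def hijacked_mappings(text):
    """Return (ip, host) pairs from hosts text that point at a non-loopback,
    non-unspecified address; those are the entries a rogue AV plants."""
    found = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        parts = line.split()
        try:
            ip = ip_address(parts[0])
        except ValueError:
            continue
        if ip.is_loopback or ip.is_unspecified:
            continue
        for host in parts[1:]:
            found.append((str(ip), host.lower()))
    return found


def restore_hosts(path=DEFAULT_HOSTS_PATH):
    """Back up, unlock and overwrite the hosts file with the stock contents.
    Returns (backup_path, removed_mappings)."""
    with open(path, "r", errors="replace") as f:
        removed = hijacked_mappings(f.read())
    backup = f"{path}.{int(time.time())}.hijacked.bak"
    shutil.copyfile(path, backup)  # keep evidence before touching the file
    clear_attributes(path)
    with open(path, "w", newline="\r\n") as f:  # Windows line endings
        f.write(MS_DEFAULT_HOSTS)
    return backup, removed


def demo_in_tempdir():
    """Self-contained run on a constructed hosts file (three lines modelled on
    the posted log), made read-only like the real one. Returns what
    restore_hosts removed, the file contents afterwards and whether a backup exists."""
    d = tempfile.mkdtemp()
    path = os.path.join(d, "hosts")
    with open(path, "w") as f:
        f.write("127.0.0.1 localhost\n"
                "74.125.45.100 urs.microsoft.com\n"
                "84.19.171.6 google.de  # constructed\n")
    os.chmod(path, stat.S_IRUSR)  # read-only, as the rogue leaves it
    backup, removed = restore_hosts(path)
    with open(path) as f:
        after = f.read()
    return removed, after, os.path.exists(backup)


if __name__ == "__main__":
    print(demo_in_tempdir())
```

On the infected machine call `restore_hosts()` from an elevated prompt and keep the .bak it returns. While the rogue's own process (LP578c.exe in both logs of this thread) is still running, the file may be re-locked or rewritten, so do this from Safe Mode or after that process has been stopped, and restart afterwards as the instructions say.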

jaGmann
Exemplary Visitor
Posts: 148
Registered: 28 Feb 2007 12:28
Location: behind a beech tree

Re: attempt at identity theft

#3 Post by jaGmann »

When I run HostsXpert it reports "Host file is system file - OK to remove the attribute" and "Host file is hidden file - OK to remove the attribute". After pressing Restore it reports "Error: Cannot create.." and closes. When I repeat the procedure the initial messages are the same, clicking Make writable seems to do nothing, the Error message pops up again and it closes :(

RSIT log:
Logfile of random's system information tool 1.06 (written by random/random)
Run by Uživatel at 2010-02-02 06:16:11
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 14 GB (13%) free of 114 GB
Total RAM: 2046 MB (79% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:16:18, on 2.2.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\idt\intelxpv_v103\wdm\STacSV.exe
C:\WINDOWS\system32\CAP3RSK.EXE
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Documents and Settings\All Users\Data aplikací\578c79f\LP578c.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\ICQ6.5\ICQ.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\CAP3SWK.EXE
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Documents and Settings\Uživatel\Plocha\RSIT.exe
C:\Documents and Settings\Uživatel\Plocha\Uživatel.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.centrum.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 84.19.171.6 google.ae
O1 - Hosts: 84.19.171.6 google.as
O1 - Hosts: 84.19.171.6 google.at
O1 - Hosts: 84.19.171.6 google.az
O1 - Hosts: 84.19.171.6 google.ba
O1 - Hosts: 84.19.171.6 google.be
O1 - Hosts: 84.19.171.6 google.bg
O1 - Hosts: 84.19.171.6 google.bs
O1 - Hosts: 84.19.171.6 google.ca
O1 - Hosts: 84.19.171.6 google.cd
O1 - Hosts: 84.19.171.6 google.com.gh
O1 - Hosts: 84.19.171.6 google.com.hk
O1 - Hosts: 84.19.171.6 google.com.jm
O1 - Hosts: 84.19.171.6 google.com.mx
O1 - Hosts: 84.19.171.6 google.com.my
O1 - Hosts: 84.19.171.6 google.com.na
O1 - Hosts: 84.19.171.6 google.com.nf
O1 - Hosts: 84.19.171.6 google.com.ng
O1 - Hosts: 84.19.171.6 google.ch
O1 - Hosts: 84.19.171.6 google.com.np
O1 - Hosts: 84.19.171.6 google.com.pr
O1 - Hosts: 84.19.171.6 google.com.qa
O1 - Hosts: 84.19.171.6 google.com.sg
O1 - Hosts: 84.19.171.6 google.com.tj
O1 - Hosts: 84.19.171.6 google.com.tw
O1 - Hosts: 84.19.171.6 google.dj
O1 - Hosts: 84.19.171.6 google.de
O1 - Hosts: 84.19.171.6 google.dk
O1 - Hosts: 84.19.171.6 google.dm
O1 - Hosts: 84.19.171.6 google.ee
O1 - Hosts: 84.19.171.6 google.fi
O1 - Hosts: 84.19.171.6 google.fm
O1 - Hosts: 84.19.171.6 google.fr
O1 - Hosts: 84.19.171.6 google.ge
O1 - Hosts: 84.19.171.6 google.gg
O1 - Hosts: 84.19.171.6 google.gm
O1 - Hosts: 84.19.171.6 google.gr
O1 - Hosts: 84.19.171.6 google.ht
O1 - Hosts: 84.19.171.6 google.ie
O1 - Hosts: 84.19.171.6 google.im
O1 - Hosts: 84.19.171.6 google.in
O1 - Hosts: 84.19.171.6 google.it
O1 - Hosts: 84.19.171.6 google.ki
O1 - Hosts: 84.19.171.6 google.la
O1 - Hosts: 84.19.171.6 google.li
O1 - Hosts: 84.19.171.6 google.lv
O1 - Hosts: 84.19.171.6 google.ma
O1 - Hosts: 84.19.171.6 google.ms
O1 - Hosts: 84.19.171.6 google.mu
O1 - Hosts: 84.19.171.6 google.mw
O1 - Hosts: 84.19.171.6 google.nl
O1 - Hosts: 84.19.171.6 google.no
O1 - Hosts: 84.19.171.6 google.nr
O1 - Hosts: 84.19.171.6 google.nu
O1 - Hosts: 84.19.171.6 google.pl
O1 - Hosts: 84.19.171.6 google.pn
O1 - Hosts: 84.19.171.6 google.pt
O1 - Hosts: 84.19.171.6 google.ro
O1 - Hosts: 84.19.171.6 google.ru
O1 - Hosts: 84.19.171.6 google.rw
O1 - Hosts: 84.19.171.6 google.sc
O1 - Hosts: 84.19.171.6 google.se
O1 - Hosts: 84.19.171.6 google.sh
O1 - Hosts: 84.19.171.6 google.si
O1 - Hosts: 84.19.171.6 google.sm
O1 - Hosts: 84.19.171.6 google.sn
O1 - Hosts: 84.19.171.6 google.st
O1 - Hosts: 84.19.171.6 google.tl
O1 - Hosts: 84.19.171.6 google.tm
O1 - Hosts: 84.19.171.6 google.tt
O1 - Hosts: 84.19.171.6 google.us
O1 - Hosts: 84.19.171.6 google.vu
O1 - Hosts: 84.19.171.6 google.ws
O1 - Hosts: 84.19.171.6 google.co.ck
O1 - Hosts: 84.19.171.6 google.co.id
O1 - Hosts: 84.19.171.6 google.co.il
O1 - Hosts: 84.19.171.6 google.co.in
O1 - Hosts: 84.19.171.6 google.co.jp
O1 - Hosts: 84.19.171.6 google.co.kr
O1 - Hosts: 84.19.171.6 google.co.ls
O1 - Hosts: 84.19.171.6 google.co.ma
O1 - Hosts: 84.19.171.6 google.co.nz
O1 - Hosts: 84.19.171.6 google.co.tz
O1 - Hosts: 84.19.171.6 google.co.ug
O1 - Hosts: 84.19.171.6 google.co.uk
O1 - Hosts: 84.19.171.6 google.co.za
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [CAP3ON] C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Live PC Care] "C:\Documents and Settings\All Users\Data aplikací\578c79f\LP578c.exe" /s /d
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Canon LASER SHOT LBP-1120 Status Window.LNK = C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 7479197140
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/200 ... ader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{65430A7B-06AE-4C68-95DE-2F706B1E4A01}: NameServer = 213.192.60.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{65430A7B-06AE-4C68-95DE-2F706B1E4A01}: NameServer = 213.192.60.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: Eset Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (file missing)
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\program files\idt\intelxpv_v103\wdm\STacSV.exe

--
End of file - 10887 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-12-09 958200]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2009-03-12 483422]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-04-27 61440]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"CAP3ON"=C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3ONN.EXE [2002-07-18 22528]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-05-26 413696]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-10-03 35696]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-09-04 935288]
"Live PC Care"=C:\Documents and Settings\All Users\Data aplikací\578c79f\LP578c.exe [2010-01-26 2551296]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2008-04-14 1695232]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"ICQ"=C:\Program Files\ICQ6.5\ICQ.exe [2009-11-16 172792]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Canon LASER SHOT LBP-1120 Status Window.LNK - C:\WINDOWS\system32\spool\drivers\w32x86\3\CAP3LAK.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2009-04-28 155648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Documents and Settings\All Users\Data aplikací\578c79f\LP578c.exe"="C:\Documents and Settings\All Users\Data aplikací\578c79f\LP578c.exe:*:Enabled:Live PC Care"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"

======List of files/folders created in the last 1 months======

2010-02-02 06:16:11 ----D---- C:\rsit
2010-01-26 14:42:33 ----D---- C:\Program Files\MSXML 4.0
2010-01-26 10:25:00 ----SHD---- C:\Documents and Settings\Uživatel\Data aplikací\Live PC Care
2010-01-26 10:24:59 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\LPZIUKCG
2010-01-26 10:24:24 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\578c79f
2010-01-25 14:46:18 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\MOBILedit
2010-01-25 14:45:30 ----D---- C:\Program Files\MOBILedit!
2010-01-25 14:34:35 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\Samsung
2010-01-25 14:14:53 ----A---- C:\WINDOWS\system32\framedyn.dll
2010-01-25 14:14:20 ----D---- C:\Program Files\DIFX
2010-01-25 14:11:09 ----D---- C:\WINDOWS\system32\Samsung_USB_Drivers
2010-01-25 14:10:49 ----D---- C:\Program Files\Samsung
2010-01-14 22:34:42 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$
2010-01-14 22:34:28 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

======List of files/folders modified in the last 1 months======

2010-02-02 06:16:18 ----D---- C:\WINDOWS\Prefetch
2010-02-02 06:14:52 ----D---- C:\Program Files\ESET
2010-02-02 06:14:51 ----D---- C:\WINDOWS\Temp
2010-02-02 06:13:20 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 14:42:48 ----SHD---- C:\WINDOWS\Installer
2010-01-26 14:42:47 ----D---- C:\WINDOWS\WinSxS
2010-01-26 14:42:45 ----D---- C:\WINDOWS
2010-01-26 14:42:33 ----D---- C:\WINDOWS\system32
2010-01-26 14:42:33 ----D---- C:\Program Files
2010-01-26 12:21:05 ----A---- C:\WINDOWS\wincmd.ini
2010-01-26 10:03:17 ----D---- C:\aa
2010-01-26 10:01:02 ----D---- C:\Documents and Settings\Uživatel\Data aplikací\ICQ
2010-01-25 14:48:33 ----D---- C:\WINDOWS\system32\drivers
2010-01-25 14:48:23 ----HD---- C:\WINDOWS\inf
2010-01-25 14:14:18 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-25 14:12:45 ----HD---- C:\Program Files\InstallShield Installation Information
2010-01-25 14:09:50 ----D---- C:\Program Files\Common Files\Adobe
2010-01-25 14:03:16 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-25 11:00:47 ----RASH---- C:\boot.ini
2010-01-21 22:45:44 ----A---- C:\WINDOWS\imsins.BAK
2010-01-21 22:45:33 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-01-21 22:45:29 ----D---- C:\Program Files\Internet Explorer
2010-01-21 22:45:02 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-21 21:33:03 ----D---- C:\WINDOWS\AppPatch
2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-10-24 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-10-24 34824]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2006-07-24 5632]
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-10-24 39944]
R2 osaio;osaio; \??\C:\WINDOWS\system32\drivers\osaio.sys []
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-04-28 3565568]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2008-12-04 241296]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2009-07-19 10368]
R3 STHDA;IDT High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2009-03-12 1550613]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 SMBios;Intel (R) System Management BIOS Service; C:\WINDOWS\system32\DRIVERS\SMBios.sys [2003-11-03 36484]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2007-05-02 83592]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2007-05-02 15112]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2007-05-02 109704]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-13 12800]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-04-28 602112]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-10-19 222456]
R2 STacSV;Audio Service; c:\program files\idt\intelxpv_v103\wdm\STacSV.exe [2009-03-12 254036]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-04-27 593920]
S2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------



GMER log 1:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-02-02 06:17:50
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\ufloafow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----


GMER log 2:
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-02 07:28:19
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\UIVATE~1\LOCALS~1\Temp\ufloafow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB912B000, 0x1C5DC8, 0xE8000020]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----
Keep smiling, it'll get worse! :)

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: identity theft attempt

#4 Post by pitimir »

Which AV are you using? That NOD doesn't look to be in good shape overall, I recommend reinstalling it.

1) Open Notepad and copy this into it:

Code:

@echo off
rem Delete the current hosts file even if it is read-only, hidden or system (/a /f); ignore the error if it is missing
del /q /a /f %systemroot%\system32\drivers\etc\hosts 2>nul
rem Recreate it with only the default localhost entry
echo 127.0.0.1 localhost>>%systemroot%\system32\drivers\etc\hosts
exit

Save it as FixHosts.bat (file type: all files) on the desktop and run it.


2) Download ComboFix, preferably to the desktop. Close all open applications as well as the resident parts of your antivirus, antispyware and firewall. Run the program from an account with administrator rights and follow the instructions. The whole scan will take about 10 minutes. The PC may be restarted during it. The log that ComboFix creates can be found at "C:\ComboFix.txt".
Paste it here.

Warning: until ComboFix has created the log, do not click or press anything!!
I'm modest, I only have two things in my signature...

1) Want to help the forum? Support it!!

2) I ask everyone who has a problem: :!:
- start your own topic and put an RSIT log and an exact, brief description of the problem in the 1st post.
- do not run ANY other program found on the forum/internet without a recommendation.
- do not edit or delete posts.
- follow the instructions and do nothing extra (on your own initiative).
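As an added example (not from pitimir's post or the thread): before FixHosts.bat overwrites the hosts file, a defender may want to see what the hijacked file actually contained. This Python audit parses hosts-file text and flags every mapping a stock file would not have; the sample content and the .test hostnames are constructed for the example.

```python
import ipaddress
from typing import List, Tuple

# Names that legitimately map to loopback in a stock hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Sample hosts file content, constructed for this example (not from the logs).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.example-av-vendor.test   # blocks AV updates
203.0.113.7     www.bank.test                # silent redirect
    ::1   localhost
"""

def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (address, hostname) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        parts = line.split()
        for name in parts[1:]:
            entries.append((parts[0], name.lower()))
    return entries

def audit_hosts(text: str) -> List[str]:
    """Describe entries a stock hosts file would not contain."""
    # A public name sinkholed to loopback blocks access (e.g. AV updates);
    # a name sent to a non-loopback address is a silent redirect. A rogue
    # AV wants both, which is why FixHosts.bat simply resets the file.
    findings = []
    for addr, name in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append(f"unparseable address {addr!r} for {name}")
            continue
        if name in LOCAL_NAMES and ip.is_loopback:
            continue  # stock entry
        kind = "sinkholed to" if ip.is_loopback else "redirected to"
        findings.append(f"{name} {kind} {addr}")
    return findings

def clean_hosts() -> str:
    """The minimal content FixHosts.bat writes back."""
    return "127.0.0.1 localhost\n"
```

On a live machine, read the file from %systemroot%\system32\drivers\etc\hosts into audit_hosts() and keep the output with the other logs before resetting it.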

jaGmann
Exemplary visitor
Posts: 148
Registered: 28 Feb 2007 12:28
Location: za bukem

Re: identity theft attempt

#5 Post by jaGmann »

I don't know whether the bat file did anything, the window just flashed by...

Log from ComboFix:
ComboFix 10-02-02.02 - Uživatel 03.02.2010 6:20.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1615 [GMT 1:00]
Spuštěný z: c:\documents and settings\Uživatel\Plocha\ComboFix.exe

VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\ICQ6.5\ICQLRun.exe
c:\windows\system32\stacsv.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-03 do 2010-02-03 )))))))))))))))))))))))))))))))
.

2010-02-02 05:16 . 2010-02-02 05:16 -------- d-----w- C:\rsit
2010-01-26 13:42 . 2010-01-26 13:42 -------- d-----w- c:\program files\MSXML 4.0
2010-01-25 13:45 . 2010-01-26 09:42 -------- d-----w- c:\program files\MOBILedit!
2010-01-25 13:14 . 2006-05-03 21:53 174592 ----a-w- c:\windows\system32\framedyn.dll
2010-01-25 13:14 . 2010-01-25 13:14 -------- d-----w- c:\program files\DIFX
2010-01-25 13:13 . 2006-07-24 15:05 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-01-25 13:11 . 2007-05-02 10:11 15112 ----a-w- c:\windows\system32\drivers\ss_mdfl.sys
2010-01-25 13:11 . 2007-05-02 10:11 109704 ----a-w- c:\windows\system32\drivers\ss_mdm.sys
2010-01-25 13:11 . 2007-05-02 10:11 83592 ----a-w- c:\windows\system32\drivers\ss_bus.sys
2010-01-25 13:11 . 2007-05-02 10:11 12424 ----a-w- c:\windows\system32\drivers\ss_cmnt.sys
2010-01-25 13:11 . 2007-05-02 10:11 12424 ----a-w- c:\windows\system32\drivers\ss_cm.sys
2010-01-25 13:11 . 2010-01-25 13:11 -------- d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-01-25 13:11 . 2007-05-02 10:11 12424 ----a-w- c:\windows\system32\drivers\ss_whnt.sys
2010-01-25 13:11 . 2007-05-02 10:11 12424 ----a-w- c:\windows\system32\drivers\ss_wh.sys
2010-01-25 13:10 . 2010-01-25 13:10 -------- d-----w- c:\program files\Samsung

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-03 05:24 . 2009-07-19 17:29 -------- d-----w- c:\program files\ICQ6.5
2010-01-25 13:12 . 2009-07-13 09:06 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-25 13:09 . 2009-10-18 12:36 -------- d-----w- c:\program files\Common Files\Adobe
2009-12-21 22:41 . 2009-12-21 22:41 -------- d-----w- c:\program files\FontyPS
2009-12-21 22:41 . 2009-12-21 22:41 1310290 ----a-w- c:\program files\FontyPS.zip
2009-12-21 22:40 . 2009-12-21 22:37 -------- d-----w- c:\program files\Ocad9
2009-12-21 22:40 . 2009-12-21 22:40 -------- d-----w- c:\program files\ocad943
2009-12-21 22:38 . 2009-12-21 22:38 7451141 ----a-w- c:\program files\ocad943.zip
2009-12-21 22:32 . 2009-12-21 22:32 -------- d-----w- c:\program files\o9prof
2009-12-21 22:31 . 2009-12-21 22:31 2473732 ----a-w- c:\program files\o9prof.zip
2009-12-21 19:08 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-11 15:32 . 2009-12-11 15:32 -------- d-----w- c:\program files\GIMP-2.0
2009-12-11 13:30 . 2008-04-14 12:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2009-12-11 13:30 . 2008-04-14 12:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2009-11-21 16:03 . 2008-04-14 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"ICQ"="c:\program files\ICQ6.5\ICQ.exe" [2009-11-16 172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-03-12 483422]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-04-27 61440]
"CAP3ON"="c:\windows\system32\spool\drivers\w32x86\3\CAP3ONN.EXE" [2002-07-18 22528]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"Live PC Care"="c:\documents and settings\All Users\Data aplikací\578c79f\LP578c.exe" [2010-01-26 2551296]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Canon LASER SHOT LBP-1120 Status Window.LNK - c:\windows\system32\spool\drivers\w32x86\3\CAP3LAK.EXE [2009-7-19 30720]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Documents and Settings\\All Users\\Data aplikací\\578c79f\\LP578c.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [24.10.2008 19:53 34824]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [19.7.2009 18:30 222456]
S4 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
.
Obsah adresáře 'Naplánované úlohy'

2010-02-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {65430A7B-06AE-4C68-95DE-2F706B1E4A01} = 213.192.60.5
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-03 06:27
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(728)
c:\windows\system32\Ati2evxx.dll
.
Celkový čas: 2010-02-03 06:28:55
ComboFix-quarantined-files.txt 2010-02-03 05:28

Před spuštěním: Volných bajtů: 15 721 136 128
Po spuštění: Volných bajtů: 16 115 007 488

- - End Of File - - B587156B2BA8F8A06B9A882D6E5DDE98

jaGmann
Exemplary visitor
Posts: 148
Registered: 28 Feb 2007 12:28
Location: za bukem

Re: identity theft attempt

#6 Post by jaGmann »

The system is in a pretty sorry state anyway and there isn't much data to back up, so I've decided on a format and reinstall.
Thank you very much for the help!

pitimir
Exemplary visitor
Posts: 479
Registered: 18 Jun 2008 17:54
Location: Šutrovec

Re: identity theft attempt

#7 Post by pitimir »

That's a solution too... you're welcome.
