
Lophtcrack
Hello, I have a problem with Lophtcrack; I can't manage to remove it. I had NOD32 on the computer and it did not find it; now I have the 30-day version of Kaspersky and it did not find it either. MWAV finds it and removes it, but after a while it shows up again. And there are always 21 infected items. The worst part is that it has now infected some files, and when MWAV removed it, the accounting software stopped working. I had to start the computer from a restore point from before the MWAV scan. It is getting on my nerves. And every time it is just 21 files. We do not visit any dubious websites on this computer. I read something about lopht crack, that it is a program for cracking passwords. I have no idea why anyone would need the passwords from my computer. There are no other viruses on the computer.
Re: Lophtcrack
Hello,
interesting, this software is usually on a PC because the user put it there deliberately...
Post its location here.
Download RSIT, run it, click Continue; when it finishes, a text file should open. If it does not, the file is located here: C:\rsit\log.txt. Paste the contents of the log here. If anything is unclear, the guide is here.
Exactly, e.g. because of this... "the accounting software stopped working. I have no idea why anyone would need the passwords from my computer."
If the PC is used by a single conscientious user, then OK. As for viruses, we'll see... "We do not visit any dubious websites on this computer. There are no other viruses on the computer."

Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL PROBLEMS WITH SOFTWARE OR HARDWARE!!
DO NOT USE COMBOFIX ON YOUR OWN; USE IT ONLY IF YOU ARE ASKED TO. INCORRECT HANDLING OF IT CAN RENDER THE SYSTEM INOPERABLE!
___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Lophtcrack
Logfile of random's system information tool 1.06 (written by random/random)
Run by Home PKone at 2010-01-28 19:36:20
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 135 GB (89%) free of 153 GB
Total RAM: 1023 MB (52% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:36:23, on 28.1.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Lexmark 2300 Series\lxcgmon.exe
C:\Program Files\Lexmark 2300 Series\ezprint.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\PROGRA~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE
C:\Program Files\T-Mobile Communication Centre\TMCC.exe
C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\OpenOffice.org 2.0\program\soffice.BIN
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\lxcgcoms.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Home PKone\Desktop\RSIT.exe
C:\Program Files\trend micro\Home PKone.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60207
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.0.lnk = C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: T-Mobile Communication Center.lnk = C:\Program Files\T-Mobile Communication Centre\TMCC.exe
O9 - Extra button: &Virtuální klávesnice - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: &Kontrola adres URL - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/s ... wflash.cab
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe (file missing)
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: Mobility Manager Service (FMMService) - Flarion Technologies, Inc. - C:\PROGRA~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE
O23 - Service: FOFDM Upgrade (FOFDMUpgrade) - Paradoxx Software - C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: lxcg_device - - C:\WINDOWS\system32\lxcgcoms.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
--
End of file - 6593 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll [2009-10-20 68112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2009-03-09 320920]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-09 35840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll [2009-10-20 268816]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2005-12-14 7323648]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2005-12-14 86016]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2004-12-22 77824]
"LXCGCATS"=rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16 []
"lxcgmon.exe"=C:\Program Files\Lexmark 2300 Series\lxcgmon.exe [2005-07-21 200704]
"EzPrint"=C:\Program Files\Lexmark 2300 Series\ezprint.exe [2005-08-01 94208]
"FaxCenterServer"=C:\Program Files\Lexmark Fax Solutions\fm3032.exe [2005-07-12 299008]
"SsAAD.exe"=C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe [2005-01-24 81920]
"QuickTime Task"=C:\Program Files\QuickTime Alternative\qttask.exe [2008-05-08 155648]
"WrtMon.exe"=C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [2006-09-20 20480]
"AVP"=C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-08-04 1667584]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
T-Mobile Communication Center.lnk - C:\Program Files\T-Mobile Communication Centre\TMCC.exe
C:\Documents and Settings\Home PKone\Start Menu\Programs\Startup
OpenOffice.org 2.0.lnk - C:\Program Files\OpenOffice.org 2.0\program\quickstart.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\WINDOWS\system32\klogon.dll [2009-10-20 219664]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=55924053
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Disabled:Firefox"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-01-28 19:20:06 ----A---- C:\Documents and Settings\Home PKone\Application Data\inst.exe
2010-01-28 19:05:01 ----D---- C:\Program Files\CCleaner
2010-01-28 19:01:52 ----D---- C:\Program Files\trend micro
2010-01-28 19:01:33 ----D---- C:\rsit
2010-01-26 18:38:15 ----D---- C:\Program Files\Kaspersky Lab
2010-01-26 18:38:15 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2010-01-26 18:35:13 ----D---- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-24 15:50:09 ----SD---- C:\ComboFix
2010-01-24 15:49:37 ----D---- C:\Qoobox
2010-01-15 20:35:45 ----D---- C:\Program Files\ABC Dictionary
2010-01-13 18:19:35 ----A---- C:\WINDOWS\system32\SkinCrafter3_vs2005.dll
2010-01-13 18:19:34 ----A---- C:\WINDOWS\system32\gdiplus.dll
2010-01-13 18:06:54 ----D---- C:\Documents and Settings\All Users\Application Data\Paradoxx
2010-01-13 18:06:47 ----D---- C:\Documents and Settings\Home PKone\Application Data\Paradoxx
2010-01-13 18:06:07 ----D---- C:\Program Files\T-Mobile Communication Centre
======List of files/folders modified in the last 1 months======
2010-01-28 19:36:12 ----D---- C:\WINDOWS\temp
2010-01-28 19:35:37 ----RD---- C:\Program Files
2010-01-28 19:34:13 ----D---- C:\WINDOWS\Prefetch
2010-01-28 19:33:08 ----SHD---- C:\WINDOWS\Installer
2010-01-28 19:29:25 ----D---- C:\Program Files\Common Files
2010-01-28 19:29:25 ----D---- C:\Program Files\Ahead
2010-01-28 19:29:23 ----D---- C:\WINDOWS\system32\drivers
2010-01-28 19:29:12 ----D---- C:\WINDOWS\system32
2010-01-28 19:22:51 ----D---- C:\WINDOWS
2010-01-28 19:20:57 ----HD---- C:\WINDOWS\inf
2010-01-28 19:20:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-28 19:20:55 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-28 19:20:30 ----AD---- C:\Program Files\Texturen
2010-01-28 19:20:29 ----AD---- C:\Program Files\Fonts
2010-01-28 19:20:29 ----AD---- C:\Program Files\Fahrtenschreiber
2010-01-28 19:20:13 ----D---- C:\Program Files\VSO
2010-01-28 19:20:08 ----D---- C:\Documents and Settings\Home PKone\Application Data\Vso
2010-01-28 19:20:03 ----D---- C:\Program Files\Mozilla Firefox
2010-01-28 19:07:43 ----D---- C:\ALFA
2010-01-28 19:06:24 ----D---- C:\WINDOWS\Debug
2010-01-28 19:00:44 ----D---- C:\Documents and Settings\Home PKone\Application Data\ScanSpyware
2010-01-28 18:59:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-28 18:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2010-01-28 16:51:47 ----D---- C:\Documents and Settings\Home PKone\Application Data\OpenOffice.org2
2010-01-27 22:43:52 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 18:40:13 ----SHD---- C:\System Volume Information
2010-01-26 18:33:54 ----D---- C:\Program Files\ESET
2010-01-24 15:36:30 ----D---- C:\WINDOWS\system32\config
2010-01-24 15:36:18 ----D---- C:\WINDOWS\system32\wbem
2010-01-24 15:36:18 ----D---- C:\WINDOWS\Registration
2010-01-24 15:36:11 ----D---- C:\Documents and Settings
2010-01-24 15:00:54 ----D---- C:\WINDOWS\system32\Restore
2010-01-22 23:23:35 ----D---- C:\Program Files\Lexmark 2300 Series
2010-01-13 18:05:38 ----D---- C:\WINDOWS\WinSxS
2010-01-13 18:05:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-11 20:08:12 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-01-26 315408]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2001-08-10 3252]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-01-05 51072]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 FlrnUSB;Leadtek USB Network Interface; C:\WINDOWS\system32\DRIVERS\FlrnUSB.sys [2010-01-13 42213]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-22 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-14 3580480]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-20 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-20 57404]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-23 47360]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-22 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
R2 FMMService;Mobility Manager Service; C:\PROGRA~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE [2010-01-13 40960]
R2 FOFDMUpgrade;FOFDM Upgrade; C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE [2009-04-06 180224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-14 143427]
R3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
R3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-01-24 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
-----------------EOF-----------------
2010-01-13 18:06:47 ----D---- C:\Documents and Settings\Home PKone\Application Data\Paradoxx
2010-01-13 18:06:07 ----D---- C:\Program Files\T-Mobile Communication Centre
======List of files/folders modified in the last 1 months======
2010-01-28 19:36:12 ----D---- C:\WINDOWS\temp
2010-01-28 19:35:37 ----RD---- C:\Program Files
2010-01-28 19:34:13 ----D---- C:\WINDOWS\Prefetch
2010-01-28 19:33:08 ----SHD---- C:\WINDOWS\Installer
2010-01-28 19:29:25 ----D---- C:\Program Files\Common Files
2010-01-28 19:29:25 ----D---- C:\Program Files\Ahead
2010-01-28 19:29:23 ----D---- C:\WINDOWS\system32\drivers
2010-01-28 19:29:12 ----D---- C:\WINDOWS\system32
2010-01-28 19:22:51 ----D---- C:\WINDOWS
2010-01-28 19:20:57 ----HD---- C:\WINDOWS\inf
2010-01-28 19:20:55 ----DC---- C:\WINDOWS\system32\DRVSTORE
2010-01-28 19:20:55 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-28 19:20:30 ----AD---- C:\Program Files\Texturen
2010-01-28 19:20:29 ----AD---- C:\Program Files\Fonts
2010-01-28 19:20:29 ----AD---- C:\Program Files\Fahrtenschreiber
2010-01-28 19:20:13 ----D---- C:\Program Files\VSO
2010-01-28 19:20:08 ----D---- C:\Documents and Settings\Home PKone\Application Data\Vso
2010-01-28 19:20:03 ----D---- C:\Program Files\Mozilla Firefox
2010-01-28 19:07:43 ----D---- C:\ALFA
2010-01-28 19:06:24 ----D---- C:\WINDOWS\Debug
2010-01-28 19:00:44 ----D---- C:\Documents and Settings\Home PKone\Application Data\ScanSpyware
2010-01-28 18:59:07 ----D---- C:\WINDOWS\system32\CatRoot2
2010-01-28 18:59:06 ----D---- C:\Documents and Settings\All Users\Application Data\SecTaskMan
2010-01-28 16:51:47 ----D---- C:\Documents and Settings\Home PKone\Application Data\OpenOffice.org2
2010-01-27 22:43:52 ----N---- C:\WINDOWS\SchedLgU.Txt
2010-01-26 18:40:13 ----SHD---- C:\System Volume Information
2010-01-26 18:33:54 ----D---- C:\Program Files\ESET
2010-01-24 15:36:30 ----D---- C:\WINDOWS\system32\config
2010-01-24 15:36:18 ----D---- C:\WINDOWS\system32\wbem
2010-01-24 15:36:18 ----D---- C:\WINDOWS\Registration
2010-01-24 15:36:11 ----D---- C:\Documents and Settings
2010-01-24 15:00:54 ----D---- C:\WINDOWS\system32\Restore
2010-01-22 23:23:35 ----D---- C:\Program Files\Lexmark 2300 Series
2010-01-13 18:05:38 ----D---- C:\WINDOWS\WinSxS
2010-01-13 18:05:38 ----D---- C:\Program Files\Common Files\Microsoft Shared
2010-01-11 20:08:12 ----A---- C:\WINDOWS\NeroDigital.ini
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 36352]
R1 kl1;Kl1; \??\C:\WINDOWS\system32\drivers\kl1.sys []
R1 KLIF;Kaspersky Lab Driver; C:\WINDOWS\system32\DRIVERS\klif.sys [2010-01-26 315408]
R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2001-08-10 3252]
R2 Angelnt;Angelnt; C:\WINDOWS\System32\Drivers\ANGELNT.SYS [2009-01-05 51072]
R2 DgiVecp;Team MFP Comm Driver; C:\WINDOWS\System32\Drivers\DgiVecp.sys [2003-07-29 40448]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2004-12-22 2304320]
R3 FlrnUSB;Leadtek USB Network Interface; C:\WINDOWS\system32\DRIVERS\FlrnUSB.sys [2010-01-13 42213]
R3 hidusb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-22 9600]
R3 klim5;Kaspersky Anti-Virus NDIS Filter; C:\WINDOWS\system32\DRIVERS\klim5.sys [2009-09-14 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\WINDOWS\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2005-12-14 3580480]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\WINDOWS\system32\DRIVERS\NVENETFD.sys [2005-04-05 33536]
R3 nvnetbus;NVIDIA Network Bus Enumerator; C:\WINDOWS\system32\DRIVERS\nvnetbus.sys [2005-04-05 12928]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-03 26624]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-03 57600]
R3 usbohci;Microsoft USB Open Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-03 17024]
R3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
R3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 FTDIBUS;USB Serial Converter Driver; C:\WINDOWS\system32\drivers\ftdibus.sys [2004-04-20 24209]
S3 FTSER2K;USB Serial Port Driver; C:\WINDOWS\system32\drivers\ftser2k.sys [2004-04-20 57404]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-02-23 47360]
S3 tunmp;Microsoft Tun Miniport Adapter Driver; C:\WINDOWS\system32\DRIVERS\tunmp.sys [2004-08-04 12416]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-22 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AVP;Kaspersky Anti-Virus; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe [2009-10-20 340456]
R2 FMMService;Mobility Manager Service; C:\PROGRA~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE [2010-01-13 40960]
R2 FOFDMUpgrade;FOFDM Upgrade; C:\PROGRA~1\T-MOBI~1\FOFDMU~1.EXE [2009-04-06 180224]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2005-12-14 143427]
R3 lxcg_device;lxcg_device; C:\WINDOWS\system32\lxcgcoms.exe [2005-07-25 491520]
R3 SSScsiSV;SonicStage SCSI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe [2005-01-24 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2003-02-20 32768]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe []
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 MSCSPTISRV;MSCSPTISRV; C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe [2005-01-26 53337]
S3 PACSPTISVR;PACSPTISVR; C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe [2005-01-26 53337]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2007-03-26 292864]
S3 SPTISRV;Sony SPTI Service; C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe [2005-01-26 69718]
-----------------EOF-----------------
Re: Lophtcrack
L0phtCrack is a password cracker; it is software like any other and requires registration. It unpacks into a temporary folder on drive C. Yes, an antivirus reacts positively to it because of the structure of its code, but that is all.
Go to Start > Search, enter l0phtrack, and post its location here.
I see that ComboFix has been run on the PC.
READ THE INSTRUCTIONS CAREFULLY, THIS SOFTWARE DOES NOT TOLERATE MISTAKES IN THE APPLICATION PROCEDURE!
Feel free to print the following lines so that you know what will be happening on the screen.
Be logged in to the PC with administrator rights.
download ComboFix and save it, preferably to the desktop
if the page will not load, download it from here (download); or, if ComboFix will not start, rename it to grinder.com and continue according to the instructions.
right after start, a disclaimer of warranty for the software's functionality is displayed; continue by clicking the Yes button.
this may be followed by a warning about installed CD drive emulators, typically Daemon Tools or Alcohol 120
click OK
Agree to the installation of the Recovery Console (a working internet connection is required)
calmly go and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else
do not panic during the scan; your machine may be restarted (especially on the first run of the scanner)
warning: turn off the resident shield of your antivirus and antispyware and temporarily disable the firewall, as ComboFix might not work correctly; if you have the shields turned off and ComboFix reports that they are not, continue and confirm.
after the restart the application creates a log, saved at C:/Combofix.txt (on repeated use the logs are named Combofix2.txt etc.); paste its contents here
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN THE EVENT OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN, ONLY WHEN YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM INOPERABLE!


___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Lophtcrack
ComboFix 10-01-27.06 - Home PKone 28.01.2010 21:04:43.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.530 [GMT 1:00]
Running from: c:\documents and settings\Home PKone\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Home PKone\Application Data\inst.exe
c:\documents and settings\Home PKone\My Documents\cc_20100128_190722.reg
c:\windows\regedit.com
c:\windows\system32\taskmgr.com
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_6TO4
-------\Legacy_NPF
((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-28 )))))))))))))))))))))))))))))))
.
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\windows\Binaries
2010-01-28 19:21 . 2010-01-28 19:21 -------- d-----w- c:\program files\Common Files\business objects
2010-01-28 19:19 . 2010-01-28 19:23 -------- d-----w- C:\AlfainsII
2010-01-28 18:05 . 2010-01-28 18:05 -------- d-----w- c:\program files\CCleaner
2010-01-28 18:01 . 2010-01-28 18:36 -------- d-----w- c:\program files\trend micro
2010-01-28 18:01 . 2010-01-28 18:36 -------- d-----w- C:\rsit
2010-01-28 17:59 . 2010-01-28 17:59 907 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_b25099274a207264182f8181add555d0.dll
2010-01-28 17:59 . 2010-01-28 17:59 925 ----a-w- c:\documents and settings\All Users\Application Data\SecTaskMan\icn_8376B3491084289409CE4024FEA7BE61.dll
2010-01-26 17:45 . 2010-01-26 17:45 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-26 17:45 . 2010-01-26 17:45 80400 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
2010-01-26 17:39 . 2010-01-26 17:39 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2010-01-26 17:39 . 2010-01-26 17:39 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2010-01-26 17:38 . 2010-01-28 20:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-01-26 17:38 . 2010-01-26 17:38 -------- d-----w- c:\program files\Kaspersky Lab
2010-01-26 17:35 . 2010-01-26 17:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-01-24 10:53 . 2010-01-24 10:54 4698448 ----a-w- c:\windows\REGBK11.ZIP
2010-01-15 19:35 . 2010-01-15 19:35 -------- d-----w- c:\program files\ABC Dictionary
2010-01-13 17:19 . 2009-07-13 12:23 880640 ----a-w- c:\windows\system32\SkinCrafter3_vs2005.dll
2010-01-13 17:19 . 2008-04-15 17:47 1724416 ----a-w- c:\windows\system32\gdiplus.dll
2010-01-13 17:19 . 2010-01-13 17:19 42213 ----a-w- c:\windows\system32\drivers\FlrnUSB.sys
2010-01-13 17:14 . 2010-01-13 17:17 15737800 ----a-w- c:\documents and settings\Home PKone\Application Data\Paradoxx\PhoneReport\Updates\update_3.57.95.99.exe
2010-01-13 17:06 . 2010-01-13 17:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Paradoxx
2010-01-13 17:06 . 2010-01-13 17:06 -------- d-----w- c:\documents and settings\Home PKone\Application Data\Paradoxx
2010-01-13 17:06 . 2010-01-13 17:19 -------- d-----w- c:\program files\T-Mobile Communication Centre
2010-01-09 08:58 . 2010-01-09 08:59 4657760 ----a-w- c:\windows\REGBK10.ZIP
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-28 20:11 . 2007-10-11 16:37 -------- d-----w- c:\documents and settings\Home PKone\Application Data\OpenOffice.org2
2010-01-28 19:43 . 2007-10-05 23:10 16120 ----a-w- c:\documents and settings\Home PKone\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-28 19:21 . 2008-01-13 17:47 405 ----a-w- c:\windows\system32\ANGELDOS.SYS
2010-01-28 19:21 . 2008-01-13 17:47 11520 ----a-w- c:\windows\system32\drivers\angelusb.sys
2010-01-28 19:21 . 2008-01-13 17:47 20480 ----a-w- c:\windows\system32\ANGELVDD.DLL
2010-01-28 19:20 . 2008-01-13 17:47 51072 ----a-w- c:\windows\system32\drivers\ANGELNT.SYS
2010-01-28 18:29 . 2007-10-04 13:34 -------- d-----w- c:\program files\Ahead
2010-01-28 18:20 . 2007-11-25 17:51 -------- d---a-w- c:\program files\Texturen
2010-01-28 18:20 . 2007-11-25 17:51 -------- d---a-w- c:\program files\Fonts
2010-01-28 18:20 . 2007-11-25 17:51 -------- d---a-w- c:\program files\Fahrtenschreiber
2010-01-28 18:20 . 2009-01-08 16:20 -------- d-----w- c:\program files\VSO
2010-01-28 18:20 . 2009-01-08 16:20 -------- d-----w- c:\documents and settings\Home PKone\Application Data\Vso
2010-01-28 18:20 . 2009-01-08 16:20 47360 ----a-w- c:\documents and settings\Home PKone\Application Data\pcouffin.sys
2010-01-28 18:20 . 2009-01-08 16:20 47360 ----a-w- c:\documents and settings\Home PKone\Application Data\pcouffin.sys
2010-01-28 18:00 . 2009-10-24 09:28 -------- d-----w- c:\documents and settings\Home PKone\Application Data\ScanSpyware
2010-01-28 17:59 . 2009-12-08 18:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SecTaskMan
2010-01-26 17:33 . 2007-10-04 16:39 -------- d-----w- c:\program files\ESET
2010-01-22 22:23 . 2007-10-04 12:54 -------- d-----w- c:\program files\Lexmark 2300 Series
2009-12-20 08:28 . 2009-12-20 08:27 4658282 ----a-w- c:\windows\REGBK09.ZIP
2009-12-11 16:22 . 2007-10-04 16:53 -------- d-----w- c:\program files\Java
2009-12-11 16:21 . 2009-12-11 16:21 152576 ----a-w- c:\documents and settings\Home PKone\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-12-11 16:21 . 2009-11-24 17:54 79488 ----a-w- c:\documents and settings\Home PKone\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2009-12-06 10:36 . 2009-12-06 10:35 4658267 ----a-w- c:\windows\REGBK08.ZIP
2009-11-22 19:19 . 2009-11-22 19:18 4657544 ----a-w- c:\windows\REGBK07.ZIP
2009-11-18 10:27 . 2009-11-18 10:27 59976 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\Czech\setup.exe
2009-11-01 19:07 . 2009-11-01 19:06 4666500 ----a-w- c:\windows\REGBK06.ZIP
2007-11-25 17:51 . 2007-11-25 17:51 104492 ----a-w- c:\program files\UninstallB5F6.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2005-12-14 7323648]
"nwiz"="nwiz.exe" [2005-12-14 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2005-12-14 86016]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 77824]
"LXCGCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCGtime.dll" [2005-07-20 73728]
"lxcgmon.exe"="c:\program files\Lexmark 2300 Series\lxcgmon.exe" [2005-07-21 200704]
"EzPrint"="c:\program files\Lexmark 2300 Series\ezprint.exe" [2005-08-01 94208]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2005-07-12 299008]
"SsAAD.exe"="c:\progra~1\Sony\SONICS~1\SsAAD.exe" [2005-01-24 81920]
"QuickTime Task"="c:\program files\QuickTime Alternative\qttask.exe" [2008-05-08 155648]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-20 340456]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
c:\documents and settings\Home PKone\Start Menu\Programs\Startup\
OpenOffice.org 2.0.lnk - c:\program files\OpenOffice.org 2.0\program\quickstart.exe [2006-2-26 393216]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
T-Mobile Communication Center.lnk - c:\program files\T-Mobile Communication Centre\TMCC.exe [2010-1-13 761856]
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:login.icq.com
"5190:TCP"= 5190:TCP:*:Disabled:login.icq.com
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 20:18 36880]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [13.1.2008 18:47 51072]
R2 FMMService;Mobility Manager Service;c:\progra~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE [13.1.2010 18:06 40960]
R2 FOFDMUpgrade;FOFDM Upgrade;c:\progra~1\T-MOBI~1\FOFDMU~1.EXE [13.1.2010 18:06 180224]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\drivers\FlrnUSB.sys [13.1.2010 18:19 42213]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 18:39 19472]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Home PKone\Application Data\Mozilla\Firefox\Profiles\kkkd7z0u.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60207&qkw=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
AddRemove-LexmarkX500Network - c:\program files\InstallShield Installation Information\LexmarkX500\DrUnInst.exe
AddRemove-{338BE0C4-BB77-47AE-A33B-65FEAFA3D151} - c:\program files\InstallShield Installation Information\{338BE0C4-BB77-47AE-A33B-65FEAFA3D151}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 21:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2556)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\lxcgcoms.exe
c:\program files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2010-01-28 21:14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-28 20:14
Pre-Run: 141 169 262 592 bytes free
Post-Run: 141 291 143 168 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 00E08C55F814085C360CCD98124C582C
When I searched via Start, it found nothing.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"443:TCP"= 443:TCP:*:Disabled:login.icq.com
"5190:TCP"= 5190:TCP:*:Disabled:login.icq.com
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [14.10.2009 20:18 36880]
R2 Angelnt;Angelnt;c:\windows\system32\drivers\ANGELNT.SYS [13.1.2008 18:47 51072]
R2 FMMService;Mobility Manager Service;c:\progra~1\T-MOBI~1\drivers\A96FED~1\FMMSER~1.EXE [13.1.2010 18:06 40960]
R2 FOFDMUpgrade;FOFDM Upgrade;c:\progra~1\T-MOBI~1\FOFDMU~1.EXE [13.1.2010 18:06 180224]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\drivers\FlrnUSB.sys [13.1.2010 18:19 42213]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.9.2009 13:42 32272]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2.10.2009 18:39 19472]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
FF - ProfilePath - c:\documents and settings\Home PKone\Application Data\Mozilla\Firefox\Profiles\kkkd7z0u.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://www.crawler.com/search/dispatcher.aspx? ... 60207&qkw=
FF - prefs.js: network.proxy.type - 4
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QuickTime Alternative\Plugins\npqtplugin5.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".sk");
.
- - - - ORPHANS REMOVED - - - -
AddRemove-LexmarkX500Network - c:\program files\InstallShield Installation Information\LexmarkX500\DrUnInst.exe
AddRemove-{338BE0C4-BB77-47AE-A33B-65FEAFA3D151} - c:\program files\InstallShield Installation Information\{338BE0C4-BB77-47AE-A33B-65FEAFA3D151}\setup.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-28 21:11
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(2556)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\lxcgcoms.exe
c:\program files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
c:\windows\system32\spool\drivers\w32x86\3\WrtProc.exe
c:\program files\OpenOffice.org 2.0\program\soffice.exe
c:\program files\OpenOffice.org 2.0\program\soffice.BIN
.
**************************************************************************
.
Completion time: 2010-01-28 21:14:48 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-28 20:14
Pre-Run: 141 169 262 592 bytes free
Post-Run: 141 291 143 168 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 00E08C55F814085C360CCD98124C582C
When I searched via Start, it found nothing.
Re: Lophtcrack
Something was deleted; the rest of the log is OK.
Use MWAV and paste its log here.
MWAV finds it and removes it, but after a while it appears again. And there are always 21 infected items.
Autoruns + HitmanPro + UPM + Avenger + GMER + OTM + AVPTool + RSIT + RootRepeal
________________________________________________________________________________________
AN UP-TO-DATE ANTIVIRUS AND A PERSONAL FIREWALL ARE TWO ESSENTIAL PROTECTIVE COMPONENTS OF EVERY PC CONNECTED TO THE INTERNET!!!
BY BACKING UP YOUR PERSONAL DATA YOU WILL NOT LOSE IT IN CASE OF FATAL SOFTWARE OR HARDWARE PROBLEMS!!
DO NOT USE COMBOFIX ON YOUR OWN INITIATIVE, ONLY WHEN YOU ARE ASKED TO. IMPROPER HANDLING OF IT CAN RENDER THE SYSTEM INOPERABLE!


___________________________________________________________
----------------------earl@forum.viry.cz-----------------------
Re: Lophtcrack
The log is awfully large; isn't an excerpt where Lophtcrack is mentioned enough?
29 I 2010 17:53:20 - Testování HKLM\SYSTEM\CurrentControlSet\Services\VxD
29 I 2010 17:53:20 - ***** Prohledávání registrů a souborů na přítomnost Adware/Spyware *****
29 I 2010 17:53:20 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\HOMEPK~1\LOCALS~1\temp\spydb.avs, Size: 931148]...
29 I 2010 17:53:21 - Indexed Spyware Databases Successfully Created...
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{179B6120-3BEA-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{179B6121-3BEA-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{179B6122-3BEA-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{179B6123-3BEA-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{179B6125-3BEA-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{179B6126-3BEA-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{179B6127-3BEA-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{179B6128-3BEA-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{608E8B11-3690-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9F37C431-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9F37C432-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9F37C433-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9F37C434-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9F37C435-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9F37C436-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\typelib\{9F37C430-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1D3266C1-745C-11D0-9223-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1D3266C2-745C-11D0-9223-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1D3266C3-745C-11D0-9223-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1D3266C4-745C-11D0-9223-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1D3266D1-745C-11D0-9223-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1D3266D2-745C-11D0-9223-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1D3266D3-745C-11D0-9223-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1D3266D4-745C-11D0-9223-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{5DECA4E0-3B4F-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{608E8B10-3690-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{8A906AC2-BE4B-11D1-B134-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{9F37C448-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{9F37C449-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{9F37C44C-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{9F37C44D-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{9F37C44F-98F3-11D1-9C3B-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{A24604BA-C27F-11D1-9C4E-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{D5688691-E6B0-11D1-89B0-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{EDBC92F0-B34C-11D1-B134-00A0244D2920})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:21 - System found infected with LophtCrack Spyware/Adware (HKEY_CLASSES_ROOT\interface\{F3743560-454E-11D1-8FD4-00AA00BD091C})! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:22 - Offending file found: C:\WINDOWS\system32\SfxBar.dll
29 I 2010 17:53:22 - System found infected with LophtCrack Spyware/Adware (SfxBar.dll)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\ChartFX.Chart
29 I 2010 17:53:29 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\ChartFX.Chart)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\ChartFX.Chart.4
29 I 2010 17:53:29 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\ChartFX.Chart.4)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.CommandBar
29 I 2010 17:53:29 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.CommandBar)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.CommandBar.1
29 I 2010 17:53:29 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.CommandBar.1)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.ToolBar
29 I 2010 17:53:29 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.ToolBar)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.ToolBar.1
29 I 2010 17:53:29 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.ToolBar.1)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.ToolCombo
29 I 2010 17:53:29 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.ToolCombo)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.ToolCombo.1
29 I 2010 17:53:29 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.ToolCombo.1)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
29 I 2010 17:53:29 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:29 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
29 I 2010 17:53:29 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:32 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
29 I 2010 17:53:32 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Ponecháno, neodstraněno!.
29 I 2010 17:53:34 - Testování MountPoints2 RegKey...
29 I 2010 17:53:34 - Testování CLSID RegKey...
29 I 2010 17:53:38 - Testování ModuleUsage RegKey...
29 I 2010 17:53:38 - Testování ExternalApp RegKey...
29 I 2010 17:53:38 - Testování SharedDLL RegKey...
29 I 2010 17:53:39 - Testování Installer RegKey...
29 I 2010 17:53:40 - Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\SUPERAntiSpyware\". Provedené akce: Ponecháno, neodstraněno!.
29 I 2010 17:53:41 - Testování SharedTools RegKey...
29 I 2010 17:53:41 - Testování FileExtension RegKey...
29 I 2010 17:53:41 - Testování ARPCache RegKey...
29 I 2010 17:53:41 - Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "LexmarkX500Network". Provedené akce: Ponecháno, neodstraněno!.
29 I 2010 17:53:41 - Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{338BE0C4-BB77-47AE-A33B-65FEAFA3D151}". Provedené akce: Ponecháno, neodstraněno!.
Re: Lophtcrack
Well, according to the guide you need to take certain steps and copy only certain lines, so in the end the log should not be that extensive.
The log is awfully large; isn't an excerpt where Lophtcrack is mentioned enough?

Installation, full scan, paste the log here - DO NOT DELETE ANYTHING!
Re: Lophtcrack
Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3658
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
30.1.2010 11:43:58
mbam-log-2010-01-30 (11-43-50).txt
Typ kontroly: Úplná (C:\|)
Objektov kontrolovaných: 153124
Uplynutý cas: 29 minute(s), 45 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 4
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
(Žiadne škodlivé položky)
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
(Žiadne škodlivé položky)
Infikovaných súborov:
C:\System Volume Information\_restore{4F556E28-8F11-4726-A296-4B5906AE0E10}\RP43\A0003836.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{4F556E28-8F11-4726-A296-4B5906AE0E10}\RP43\A0003876.com (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{4F556E28-8F11-4726-A296-4B5906AE0E10}\RP43\A0004011.sys (Malware.Trace) -> No action taken.
C:\System Volume Information\_restore{4F556E28-8F11-4726-A296-4B5906AE0E10}\RP43\A0004039.com (Trojan.Agent) -> No action taken.
Re: Lophtcrack
Re: Lophtcrack
Malwarebytes' Anti-Malware 1.44
Verzia databázy: 3658
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
31.1.2010 9:44:34
mbam-log-2010-01-31 (09-44-34).txt
Typ kontroly: Úplná (C:\|)
Objektov kontrolovaných: 145612
Uplynutý cas: 21 minute(s), 19 second(s)
Infikovaných procesov pamäte: 0
Infikovaných modulov pamäte: 0
Infikovaných registracných klúcov: 0
Infikovaných registracných hodnôt: 0
Infikovaných registracných údajov položiek: 0
Infikovaných priecinkov: 0
Infikovaných súborov: 0
Infikovaných procesov pamäte:
(Žiadne škodlivé položky)
Infikovaných modulov pamäte:
(Žiadne škodlivé položky)
Infikovaných registracných klúcov:
(Žiadne škodlivé položky)
Infikovaných registracných hodnôt:
(Žiadne škodlivé položky)
Infikovaných registracných údajov položiek:
(Žiadne škodlivé položky)
Infikovaných priecinkov:
(Žiadne škodlivé položky)
Infikovaných súborov:
(Žiadne škodlivé položky)
Turning System Restore off and on again (SVI) helped; the PC is behaving normally.
I will still scan it with mwav.
Re: Lophtcrack
Lophtcrack is still there...
Re: Lophtcrack
So, is anyone still willing to help me and advise me how to get rid of it?
Re: Lophtcrack

Open Notepad
and copy the script from the following box into it:
Code:
KillAll::
Collect::
C:\WINDOWS\system32\SfxBar.dll
Registry::
[-HKEY_CLASSES_ROOT\clsid\{179B6120-3BEA-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\clsid\{179B6121-3BEA-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\clsid\{179B6122-3BEA-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\clsid\{179B6123-3BEA-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\clsid\{179B6125-3BEA-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\clsid\{179B6126-3BEA-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\clsid\{179B6127-3BEA-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\clsid\{179B6128-3BEA-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\clsid\{608E8B11-3690-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\clsid\{9F37C431-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\clsid\{9F37C432-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\clsid\{9F37C433-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\clsid\{9F37C434-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\clsid\{9F37C435-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\clsid\{9F37C436-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\typelib\{9F37C430-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{1D3266C1-745C-11D0-9223-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{1D3266C2-745C-11D0-9223-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{1D3266C3-745C-11D0-9223-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{1D3266C4-745C-11D0-9223-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{1D3266D1-745C-11D0-9223-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{1D3266D2-745C-11D0-9223-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{1D3266D3-745C-11D0-9223-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{1D3266D4-745C-11D0-9223-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{5DECA4E0-3B4F-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\interface\{608E8B10-3690-11D1-8FD4-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\interface\{8A906AC2-BE4B-11D1-B134-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{9F37C448-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{9F37C449-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{9F37C44C-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{9F37C44D-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{9F37C44F-98F3-11D1-9C3B-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{A24604BA-C27F-11D1-9C4E-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{D5688691-E6B0-11D1-89B0-00AA00BD091C}]
[-HKEY_CLASSES_ROOT\interface\{EDBC92F0-B34C-11D1-B134-00A0244D2920}]
[-HKEY_CLASSES_ROOT\interface\{F3743560-454E-11D1-8FD4-00AA00BD091C}]
[-HKLM\SOFTWARE\Classes\ChartFX.Chart]
[-HKLM\SOFTWARE\Classes\ChartFX.Chart.4]
[-HKLM\SOFTWARE\Classes\SfxBar.CommandBar]
[-HKLM\SOFTWARE\Classes\SfxBar.CommandBar.1]
[-HKLM\SOFTWARE\Classes\SfxBar.ToolBar]
[-HKLM\SOFTWARE\Classes\SfxBar.ToolBar.1]
[-HKLM\SOFTWARE\Classes\SfxBar.ToolCombo]
[-HKLM\SOFTWARE\Classes\SfxBar.ToolCombo.1]
After saving, grab the script you created with the left mouse button, drag it over the ComboFix icon and drop it there.

After it has been applied, another log should pop up; paste it here.
Warning: it is possible that Windows will not boot after the script is applied and the PC restarts. In that case restart again, keep pressing F8 after the restart and choose Last Known Good Configuration.

Re: Lophtcrack
02 II 2010 16:42:00 - Testování HKLM\SYSTEM\CurrentControlSet\Services\VxD
02 II 2010 16:42:00 - ***** Prohledávání registrů a souborů na přítomnost Adware/Spyware *****
02 II 2010 16:42:02 - Loading Spyware Signatures from new External Database [Name: C:\DOCUME~1\HOMEPK~1\LOCALS~1\temp\spydb.avs, Size: 890116]...
02 II 2010 16:42:02 - Indexed Spyware Databases Successfully Created...
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{9BD3A001-42A2-491E-AACA-9512F6CF4CDB})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{C5DA1F2B-B2BF-4DFC-BC9A-439133543A67})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{D2129738-6A78-4BCB-915A-412982CAA23D})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\clsid\{DC90EAA6-69B8-4DE4-9A7B-5B2C5B3FEACD})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{1EDFD7DF-030D-4144-952E-9D7D86691CDB})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{459A91BC-193F-4A70-959C-BFF69D781142})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{464D3E06-7D5B-416F-A6EE-0FFB1A5E931B})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{497B84D4-FB2F-4AB0-A280-8AACFB4B355F})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{66718B8E-A382-4FE2-AA7A-926F9D8C4621})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{BC39A57D-DF2C-45B4-BFFD-7D55E911C1B2})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:03 - System found infected with Parentis Spyware/Adware (HKEY_CLASSES_ROOT\interface\{CCA2E620-B807-451F-BAFD-2057AF9025FE})! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\ChartFX.Chart
02 II 2010 16:42:09 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\ChartFX.Chart)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\ChartFX.Chart.4
02 II 2010 16:42:09 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\ChartFX.Chart.4)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.CommandBar
02 II 2010 16:42:09 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.CommandBar)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.CommandBar.1
02 II 2010 16:42:09 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.CommandBar.1)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.ToolBar
02 II 2010 16:42:09 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.ToolBar)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.ToolBar.1
02 II 2010 16:42:09 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.ToolBar.1)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.ToolCombo
02 II 2010 16:42:09 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.ToolCombo)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKLM\SOFTWARE\Classes\SfxBar.ToolCombo.1
02 II 2010 16:42:09 - System found infected with LophtCrack Spyware/Adware (HKLM\SOFTWARE\Classes\SfxBar.ToolCombo.1)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKCU\SOFTWARE\Wget
02 II 2010 16:42:09 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\SOFTWARE\Wget)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:09 - Offending Registry Entry found: HKCU\Software\Microsoft\OLE
02 II 2010 16:42:09 - System found infected with Backdoor (IRCBot) Trojans Spyware/Adware (HKCU\Software\Microsoft\OLE)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:14 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
02 II 2010 16:42:14 - System found infected with Spyware.ExpressKeylog Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Associations)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:14 - Offending Registry Entry found: HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers
02 II 2010 16:42:14 - System found infected with AntiSpyware Pro XP Corrupted Adware/Spyware (HKCU\Software\Microsoft\Windows\CurrentVersion\Drivers)! Action taken: Ponecháno, neodstraněno!.
02 II 2010 16:42:15 - Testování MountPoints2 RegKey...
02 II 2010 16:42:15 - Testování CLSID RegKey...
02 II 2010 16:42:15 - Záznam "HKCR\ChartFX.Chart" odkazuje na neplatný objekt "{608E8B11-3690-11D1-8FD4-00AA00BD091C}". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:15 - Záznam "HKCR\ChartFX.Chart.4" odkazuje na neplatný objekt "{608E8B11-3690-11D1-8FD4-00AA00BD091C}". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:18 - Záznam "HKCR\SfxBar.CommandBar" odkazuje na neplatný objekt "{9F37C435-98F3-11D1-9C3B-00A0244D2920}". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:18 - Záznam "HKCR\SfxBar.CommandBar.1" odkazuje na neplatný objekt "{9F37C435-98F3-11D1-9C3B-00A0244D2920}". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:18 - Záznam "HKCR\SfxBar.ToolBar" odkazuje na neplatný objekt "{9F37C433-98F3-11D1-9C3B-00A0244D2920}". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:18 - Záznam "HKCR\SfxBar.ToolBar.1" odkazuje na neplatný objekt "{9F37C433-98F3-11D1-9C3B-00A0244D2920}". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:18 - Záznam "HKCR\SfxBar.ToolCombo" odkazuje na neplatný objekt "{9F37C434-98F3-11D1-9C3B-00A0244D2920}". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:18 - Záznam "HKCR\SfxBar.ToolCombo.1" odkazuje na neplatný objekt "{9F37C434-98F3-11D1-9C3B-00A0244D2920}". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:19 - Testování ModuleUsage RegKey...
02 II 2010 16:42:19 - Testování ExternalApp RegKey...
02 II 2010 16:42:19 - Testování SharedDLL RegKey...
02 II 2010 16:42:20 - Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" odkazuje na neplatný objekt "C:\WINDOWS\system32\SfxBar.dll". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:20 - Testování Installer RegKey...
02 II 2010 16:42:20 - Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\Folders" odkazuje na neplatný objekt "C:\Program Files\SUPERAntiSpyware\". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:21 - Testování SharedTools RegKey...
02 II 2010 16:42:21 - Testování FileExtension RegKey...
02 II 2010 16:42:21 - Záznam "HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts" odkazuje na neplatný objekt ".l3dpack". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:21 - Testování ARPCache RegKey...
02 II 2010 16:42:21 - Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "LexmarkX500Network". Provedené akce: Ponecháno, neodstraněno!.
02 II 2010 16:42:21 - Záznam "HKLM\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache" odkazuje na neplatný objekt "{338BE0C4-BB77-47AE-A33B-65FEAFA3D151}". Provedené akce: Ponecháno, neodstraněno!.