Logfile of random's system information tool 1.08 (written by random/random)
Run by Administrator at 2010-11-29 22:34:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (55%) free of 30 GB
Total RAM: 895 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:34:39, on 29. 11. 2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Dokumenty\Preberanie\RSIT(2).exe
C:\Program Files\trend micro\Administrator.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSoft.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
O4 - HKLM\..\Run: [Remote] C:\Program Files\LifeView TVR\Remote.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\LifeView TVR\RecSche.exe"
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [sniffer] C:\WINDOWS\Temp\_ex-08.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: McAfee Security Scan Plus.lnk = ?
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone
O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone
O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone
O16 - DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} (Ovi maps browser plugin) - http://static.s2g.gate5.de/ovi_maps/Ovi ... 3.37.3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: RelevantKnowledge - C:\Program Files\RelevantKnowledge\rlls.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 9576 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\fbagent.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\systems.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-21 278192]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll [2010-10-10 842296]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-20 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}]
BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files\Softonic-Eng7\tbSoft.dll [2010-03-17 2355224]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-03-28 1017592]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-07-21 278192]
{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - BS Player Toolbar - C:\Program Files\BS_Player\tbBS_P.dll [2009-12-31 2349080]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-09-12 16264192]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"SMSERIAL"=C:\WINDOWS\sm56hlpr.exe [2006-01-20 544768]
"Power_Gear"=C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe [2006-03-06 86016]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2005-10-21 761945]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-04-27 7561216]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-04-27 86016]
"HControl"=C:\WINDOWS\ATK0100\HControl.exe [2006-08-23 110592]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"Wireless Console 2"=C:\Program Files\Wireless Console 2\wcourier.exe [2005-10-17 987136]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2006-01-12 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-03-11 49152]
"avast5"=C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe [2010-01-19 2743104]
"Remote"=C:\Program Files\LifeView TVR\Remote.exe []
"RecSche"=C:\Program Files\LifeView TVR\RecSche.exe []
"ScanRegistry"=C:\W []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2009-02-05 81000]
"sniffer"=C:\WINDOWS\Temp\_ex-08.exe [2010-11-28 351744]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\CTFMON.EXE [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge]
C:\Program Files\RelevantKnowledge\rlls.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-09-28 265096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-09-28 133632]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-09-28 304128]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL [2006-10-27 2210608]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\WINDOWS\Temp\~os87.tmp\rlvknlg.exe"="C:\WINDOWS\Temp\~os87.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\WINDOWS\Temp\~osD1.tmp\rlvknlg.exe"="C:\WINDOWS\Temp\~osD1.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\WINDOWS\Temp\~os63.tmp\rlvknlg.exe"="C:\WINDOWS\Temp\~os63.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\WINDOWS\Temp\~os5B.tmp\rlvknlg.exe"="C:\WINDOWS\Temp\~os5B.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\WINDOWS\Temp\~os11E.tmp\rlvknlg.exe"="C:\WINDOWS\Temp\~os11E.tmp\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"c:\program files\relevantknowledge\rlvknlg.exe"="c:\program files\relevantknowledge\rlvknlg.exe:*:Enabled:rlvknlg.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
======List of files/folders created in the last 1 months======
2010-11-29 22:32:57 ----D---- C:\Program Files\trend micro
2010-11-29 22:32:56 ----D---- C:\rsit
2010-11-29 22:32:27 ----A---- C:\WINDOWS\system32\hidserv.dll
2010-11-29 22:32:24 ----A---- C:\WINDOWS\system32\drivers\kbdhid.sys
2010-11-29 22:31:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2010-11-29 22:31:42 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2010-11-29 22:28:54 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2010-11-29 20:21:36 ----A---- C:\WINDOWS\system32\drivers\mouhid.sys
2010-11-29 20:21:33 ----A---- C:\WINDOWS\system32\drivers\hidusb.sys
2010-11-29 19:11:02 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Opera
2010-11-29 19:09:49 ----ASH---- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
2010-11-29 19:09:48 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-11-29 19:09:48 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Sun
2010-11-29 19:09:29 ----A---- C:\WINDOWS\ntbtlog.txt
2010-11-28 19:49:23 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2010-11-28 19:38:12 ----A---- C:\WINDOWS\system32\wpcap.dll
2010-11-28 19:38:12 ----A---- C:\WINDOWS\system32\Packet.dll
2010-11-28 19:38:12 ----A---- C:\WINDOWS\system32\drivers\npf.sys
2010-11-28 13:50:21 ----D---- C:\Program Files\DAEMON Tools Lite
2010-11-27 11:40:25 ----A---- C:\WINDOWS\system32\asw2C.tmp
2010-11-26 11:55:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Sun
2010-11-26 11:55:37 ----D---- C:\Program Files\Common Files\Java
2010-11-26 11:55:26 ----A---- C:\WINDOWS\system32\javaws.exe
2010-11-26 11:55:26 ----A---- C:\WINDOWS\system32\javaw.exe
2010-11-26 11:55:26 ----A---- C:\WINDOWS\system32\java.exe
2010-11-26 11:55:26 ----A---- C:\WINDOWS\system32\deployJava1.dll
2010-11-14 15:44:12 ----D---- C:\Program Files\Common Files\Adobe
2010-11-14 15:44:12 ----D---- C:\Program Files\Adobe
2010-11-14 14:36:28 ----D---- C:\Program Files\7-Zip
======List of files/folders modified in the last 1 months======
2010-11-29 22:32:57 ----RD---- C:\Program Files
2010-11-29 22:32:27 ----D---- C:\WINDOWS\system32
2010-11-29 22:32:24 ----D---- C:\WINDOWS\system32\drivers
2010-11-29 22:32:12 ----D---- C:\WINDOWS\system32\CatRoot2
2010-11-29 22:31:29 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-11-29 22:27:13 ----D---- C:\WINDOWS\Temp
2010-11-29 21:42:21 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-11-29 20:58:32 ----D---- C:\Program Files\RelevantKnowledge
2010-11-29 20:21:42 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-11-29 20:21:36 ----D---- C:\WINDOWS
2010-11-29 19:09:47 ----D---- C:\Documents and Settings
2010-11-29 18:34:19 ----A---- C:\WINDOWS\NeroDigital.ini
2010-11-28 21:16:41 ----D---- C:\temp
2010-11-28 19:37:56 ----D---- C:\WINDOWS\Prefetch
2010-11-28 19:37:27 ----SD---- C:\WINDOWS\Tasks
2010-11-28 13:51:05 ----D---- C:\Program Files\DAEMON Tools Toolbar
2010-11-28 13:50:17 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-11-27 11:40:19 ----D---- C:\Program Files\Alwil Software
2010-11-26 11:55:38 ----SHD---- C:\WINDOWS\Installer
2010-11-26 11:55:38 ----HD---- C:\Config.Msi
2010-11-26 11:55:37 ----D---- C:\Program Files\Common Files
2010-11-26 11:55:23 ----D---- C:\Program Files\Java
2010-11-14 15:44:21 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-11-12 15:51:08 ----A---- C:\WINDOWS\ModemLog_HUAWEI Mobile Connect - 3G Modem.txt
2010-11-01 21:13:41 ----D---- C:\Program Files\Mozilla Firefox
2010-10-31 15:04:08 ----D---- C:\Program Files\Opera
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2009-09-28 61824]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-05-13 43528]
R0 risdptsk;risdptsk; C:\WINDOWS\system32\DRIVERS\risdptsk.sys [2005-07-14 27904]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-09-28 77568]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R3 BCM43XX;ASUS 802.11 ovládač sieťového adaptéru; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2005-02-11 371712]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ATKACPI.sys [2005-02-17 5632]
R3 nvsmu;nvsmu; C:\WINDOWS\system32\DRIVERS\nvsmu.sys [2006-03-07 11136]
R3 rimsptsk;rimsptsk; C:\WINDOWS\system32\DRIVERS\rimsptsk.sys [2005-07-12 51328]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2005-10-21 191936]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-22 32384]
S0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-11-28 691696]
S0x02000000 OMSCAN;OMSCAN; \Sys []
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2010-01-19 28240]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2010-01-19 162640]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2010-01-19 46544]
S1 DumpDrv;Crash Dump Driver; C:\WINDOWS\system32\drivers\DumpDrv.sys [2009-09-28 9472]
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2010-01-19 19024]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2010-01-19 100304]
S2 MDC8021X;AEGIS Protocol (IEEE 802.1x) v2.3.1.9; C:\WINDOWS\system32\DRIVERS\mdc8021x.sys [2009-12-25 15781]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2009-09-28 60800]
S3 ASNDIS5;ASNDIS5 Protocol Driver; \??\C:\WINDOWS\ATK0100\ASNDIS5.SYS []
S3 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2010-01-19 23248]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2007-03-08 49920]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2007-03-08 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2007-03-08 21568]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2008-03-17 101376]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-09-12 4381184]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2009-09-28 61824]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2009-10-06 17664]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2009-10-06 22016]
S3 NPF;WinPcap Packet Driver (NPF); C:\WINDOWS\system32\drivers\NPF.sys [2010-11-28 50704]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2006-04-27 3659968]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RTL8023xp;Realtek 10/100/1000 NIC Family all in one NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2005-11-16 78976]
S3 sdbus;sdbus; C:\WINDOWS\system32\DRIVERS\sdbus.sys [2009-09-28 80384]
S3 smserial;smserial; C:\WINDOWS\system32\DRIVERS\smserial.sys [2006-01-20 862340]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2009-10-06 7936]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2009-10-06 7936]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2009-09-28 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-09-28 82944]
S4 exFat;exFat; C:\WINDOWS\system32\drivers\exFat.sys [2009-09-28 133632]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-25 133104]
S2 hpqddsvc;Služba HP CUE DeviceDiscovery; C:\WINDOWS\system32\svchost.exe [2009-09-28 14848]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-03-28 246520]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2006-04-24 73728]
S2 Net Driver HPZ12;Net Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-09-28 14848]
S2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2006-04-27 143427]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\System32\svchost.exe [2009-09-28 14848]
S2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2009-09-28 14848]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
S3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2010-01-19 40384]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-05-13 194032]
S3 hpqcxs08;hpqcxs08; C:\WINDOWS\system32\svchost.exe [2009-09-28 14848]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-09-28 913920]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
securiti tool virus
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: securiti tool virus
Zdravim, pekny vecer preji a vitam Vas u nas na foru 
Zustante v nouzovem rezimu
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Zustante v nouzovem rezimu Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr
Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- V zadnem pripade ted nerestartujte PC - prisli byste o ucinek RKillu
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Vložte do PC vsechny USB klice (flash disky, ext.disky apod.)
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: securiti tool virus
neviem ci je to OK ale preplo ma do normalneho modu chvilu tam pracovalo a potom to modre okno zmyzlo
ale report som nasiel
ComboFix 10-11-29.02 - Administrator . 11. 2010 22:54:21.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.895.600 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\RelevantKnowledge
C:\Program Files\RelevantKnowledge\chrome.manifest
C:\Program Files\RelevantKnowledge\install.rdf
C:\Program Files\RelevantKnowledge\msvcp71.dll
C:\Program Files\RelevantKnowledge\msvcr71.dll
C:\Program Files\RelevantKnowledge\rloci.bin
C:\Program Files\RelevantKnowledge\shfscp.dat
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\Tasks\fbagent.job
C:\WINDOWS\Temp\_ex-08.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
ale report som nasiel
ComboFix 10-11-29.02 - Administrator . 11. 2010 22:54:21.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.895.600 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Program Files\RelevantKnowledge
C:\Program Files\RelevantKnowledge\chrome.manifest
C:\Program Files\RelevantKnowledge\install.rdf
C:\Program Files\RelevantKnowledge\msvcp71.dll
C:\Program Files\RelevantKnowledge\msvcr71.dll
C:\Program Files\RelevantKnowledge\rloci.bin
C:\Program Files\RelevantKnowledge\shfscp.dat
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\drivers\npf.sys
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\wpcap.dll
C:\WINDOWS\Tasks\fbagent.job
C:\WINDOWS\Temp\_ex-08.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
Re: securiti tool virus
No tohle OK neni, vic toho v logu neni 
Prihlaste se do nouzoveho rezimu
Opet aplikujte RKill
Spustte znovu ComboFix - po restartu ktery vyvola CF jiz nechte PC nabehnout do normalniho rezimu
Prihlaste se do nouzoveho rezimu Opet aplikujte RKill Spustte znovu ComboFix - po restartu ktery vyvola CF jiz nechte PC nabehnout do normalniho rezimu"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: securiti tool virus
nie, viac tam neni, po restarte to ono spusti, a nemoze to byt tak ze to ta haved zastavi ? lebo mi vyskoci take okno ze securiti tool a zacne hladat virusi
Re: securiti tool virus
Tak mmnt, napisu dalsi postup, zatim CF neopakujte 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: securiti tool virus
Prihlaste se do nouzoveho rezimu Aplikujte RKill Stahnete OTM (viz muj podpis)
- Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
- Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize
Kód: Vybrat vše
:reg [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{32099AAC-C132-4136-9E9A-4E364A424E17}"=- "{855F3B16-6D32-4FE6-8A56-BBB695989046}"=- "{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}"=- [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"=- "NeroFilterCheck"=- "HP Software Update"=- "Remote"=- "RecSche"=- "ScanRegistry"=- "Adobe Reader Speed Launcher"=- "Adobe ARM"=- "sniffer"=- [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge] [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "C:\WINDOWS\Temp\~os87.tmp\rlvknlg.exe"=- "C:\WINDOWS\Temp\~osD1.tmp\rlvknlg.exe"=- "C:\WINDOWS\Temp\~os63.tmp\rlvknlg.exe"=- "C:\WINDOWS\Temp\~os5B.tmp\rlvknlg.exe"=- "C:\WINDOWS\Temp\~os11E.tmp\rlvknlg.exe"=- "c:\program files\relevantknowledge\rlvknlg.exe"=- :services ICQ Service :files C:\WINDOWS\Temp\_ex-08.exe C:\Program Files\ICQ6Toolbar :\Program Files\DAEMON Tools Toolbar C:\Program Files\BS_Player\tbBS_P.dll C:\WINDOWS\tasks\fbagent.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk C:\WINDOWS\tasks\systems.job %windir%\system32\*.tmp.dll /s %windir%\system32\SET*.tmp /s %windir%\*.tmp /s :commands [RESETHOSTS] [EMPTYTEMP] [EMPTYFLASH]- Kliknete na cervene tlacitko MoveIt!
- Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: securiti tool virus
All processes killed
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Remote deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RecSche deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ScanRegistry not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sniffer not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~os87.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~osD1.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~os63.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~os5B.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~os11E.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\c:\program files\relevantknowledge\rlvknlg.exe deleted successfully.
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\Temp\_ex-08.exe not found.
C:\Program Files\ICQ6Toolbar folder moved successfully.
Error: Unable to interpret <:\Program Files\DAEMON Tools Toolbar> in the current context!
Error: Unable to interpret <C:\Program Files\BS_Player\tbBS_P.dll> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\fbagent.job> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\systems.job> in the current context!
Error: Unable to interpret <%windir%\system32\*.tmp.dll /s> in the current context!
Error: Unable to interpret <%windir%\system32\SET*.tmp /s> in the current context!
Error: Unable to interpret <%windir%\*.tmp /s> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 391984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 25644808 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 456 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Notebook
->Temp folder emptied: 749221 bytes
->Temporary Internet Files folder emptied: 34281 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67203466 bytes
->Google Chrome cache emptied: 594288 bytes
->Opera cache emptied: 18510040 bytes
->Flash cache emptied: 2031 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2869600 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115991 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 111,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 11292010_233234
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NeroFilterCheck deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\HP Software Update deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Remote deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\RecSche deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ScanRegistry not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sniffer not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\RelevantKnowledge\ not found.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~os87.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~osD1.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~os63.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~os5B.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\C:\WINDOWS\Temp\~os11E.tmp\rlvknlg.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list\\c:\program files\relevantknowledge\rlvknlg.exe deleted successfully.
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
========== FILES ==========
File/Folder C:\WINDOWS\Temp\_ex-08.exe not found.
C:\Program Files\ICQ6Toolbar folder moved successfully.
Error: Unable to interpret <:\Program Files\DAEMON Tools Toolbar> in the current context!
Error: Unable to interpret <C:\Program Files\BS_Player\tbBS_P.dll> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\fbagent.job> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job> in the current context!
Error: Unable to interpret <C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk> in the current context!
Error: Unable to interpret <C:\WINDOWS\tasks\systems.job> in the current context!
Error: Unable to interpret <%windir%\system32\*.tmp.dll /s> in the current context!
Error: Unable to interpret <%windir%\system32\SET*.tmp /s> in the current context!
Error: Unable to interpret <%windir%\*.tmp /s> in the current context!
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 391984 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->FireFox cache emptied: 25644808 bytes
->Opera cache emptied: 240 bytes
->Flash cache emptied: 456 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Notebook
->Temp folder emptied: 749221 bytes
->Temporary Internet Files folder emptied: 34281 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 67203466 bytes
->Google Chrome cache emptied: 594288 bytes
->Opera cache emptied: 18510040 bytes
->Flash cache emptied: 2031 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2869600 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 115991 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 111,00 mb
OTM by OldTimer - Version 3.1.17.2 log created on 11292010_233234
Re: securiti tool virus
Jeste jeden skript pro OTM prosim
Kód: Vybrat vše
:files
c:\Program Files\DAEMON Tools Toolbar
C:\Program Files\BS_Player\tbBS_P.dll
C:\WINDOWS\tasks\fbagent.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk
C:\WINDOWS\tasks\systems.job
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
:commands
[REBOOT]
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: securiti tool virus
========== FILES ==========
c:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
c:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Program Files\BS_Player\tbBS_P.dll moved successfully.
File/Folder C:\WINDOWS\tasks\fbagent.job not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk moved successfully.
C:\WINDOWS\tasks\systems.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1178.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11BC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15D.tmp folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\nst1097.tmp folder moved successfully.
C:\WINDOWS\temp\3.tmp moved successfully.
C:\WINDOWS\temp\5.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
========== COMMANDS ==========
OTM by OldTimer - Version 3.1.17.2 log created on 11292010_234543
po restarte este vyskocil, a inac tam mi tusim nieco ostalo este ztoho prveho kroku, ked si mam vybrat OS ktory mam spustit, tak tam je jedna moznost co vytvoril asi ten CF
c:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
c:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Program Files\BS_Player\tbBS_P.dll moved successfully.
File/Folder C:\WINDOWS\tasks\fbagent.job not found.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\McAfee Security Scan Plus.lnk moved successfully.
C:\WINDOWS\tasks\systems.job moved successfully.
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1178.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP11BC.tmp folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP15D.tmp folder moved successfully.
C:\WINDOWS\system32\config\systemprofile\nst1097.tmp folder moved successfully.
C:\WINDOWS\temp\3.tmp moved successfully.
C:\WINDOWS\temp\5.tmp moved successfully.
C:\WINDOWS\twain_32\hpqgnds2.tmp moved successfully.
========== COMMANDS ==========
OTM by OldTimer - Version 3.1.17.2 log created on 11292010_234543
po restarte este vyskocil, a inac tam mi tusim nieco ostalo este ztoho prveho kroku, ked si mam vybrat OS ktory mam spustit, tak tam je jedna moznost co vytvoril asi ten CF
Re: securiti tool virus
Pri spusteni PC Vam vyskoci na cca 2 vteriny nabidka jestli chcete spustit Windows nebo konzolu pro zotaveni (Recovery Console) - pokud nic nedate, zapne se automaticky windows - ta RC se Vam muze hodit kdyby WINy zkolabovaly. Navic z RC jdou obnovovat poskozene systemove soubory a dobre se v ni maze i odolna havet typu rootkity Zkuste nyni spustit ComboFix, pokud nepujde, udelejte MBAM v nouzovem rezimu - navod nize Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)
- Provedte aktualizaci - treti zalozka
- Provedte uplny sken - nic nemazte
- MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: securiti tool virus
no je tam ten recovery, windows a tretie je nieco sa mi zda ze ladenie alebo nieco take
Re: securiti tool virus
To bude videt v logu z CF pokud se jej povede udelat, pripadne se na to podivame jinak...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: securiti tool virus
same vyhodilo log
ComboFix 10-11-29.03 - Administrator . 11. 2010 0:08.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.895.722 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\msvcp71.dll
c:\program files\RelevantKnowledge\msvcr71.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\shfscp.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\fbagent.job
c:\windows\Temp\_ex-08.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.
2010-11-29 23:03 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:03 . 2010-11-29 23:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-29 23:03 . 2010-11-29 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 23:03 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:32 . 2010-11-29 22:32 -------- d-----w- C:\_OTM
2010-11-29 21:32 . 2010-11-29 21:34 -------- d-----w- c:\program files\trend micro
2010-11-29 21:32 . 2010-11-29 21:33 -------- d-----w- C:\rsit
2010-11-29 21:32 . 2008-04-14 05:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-11-29 21:32 . 2008-04-14 04:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-29 19:21 . 2001-10-24 08:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-11-29 19:21 . 2001-10-24 08:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-29 19:21 . 2008-04-13 21:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-11-29 19:21 . 2008-04-13 21:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-29 18:09 . 2010-11-29 18:09 -------- d-----w- c:\documents and settings\Administrator
2010-11-28 18:49 . 2010-11-28 18:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-28 18:37 . 2010-11-28 18:37 900608 ----a-w- c:\documents and settings\Notebook\Local Settings\Data aplikací\459249758.exe
2010-11-28 18:37 . 2010-11-28 18:37 65536 ----a-w- c:\documents and settings\Notebook\Data aplikací\xhrd.exe
2010-11-28 18:37 . 2010-11-28 18:37 174592 ----a-w- c:\documents and settings\Notebook\Data aplikací\pbhx.exe
2010-11-28 12:50 . 2010-11-28 12:51 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-26 10:55 . 2010-11-26 10:55 -------- d-----w- c:\program files\Common Files\Java
2010-11-26 10:55 . 2010-09-15 03:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-26 10:55 . 2010-09-15 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 14:44 . 2010-11-14 14:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-14 13:36 . 2010-11-14 13:36 -------- d-----w- c:\program files\7-Zip
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 12:50 . 2009-12-19 19:17 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-05 13:33 . 2010-02-19 20:57 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-05 13:33 . 2010-10-05 13:33 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-05 13:33 . 2010-10-05 13:33 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-15 01:29 . 2009-12-17 22:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19. 12. 2009 20:17 691696]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19. 12. 2009 20:30 162640]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28. 9. 2009 14:38 9472]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19. 12. 2009 20:30 19024]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25. 1. 2010 18:16 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 13:49 227232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.3.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\2k63kgsl.default\
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 00:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\msi.dll
.
Completion time: 2010-11-30 00:13:32
ComboFix-quarantined-files.txt 2010-11-29 23:13
Pre-Run: Volných bajtů: 17 045 274 624
Post-Run: Volných bajtů: 16 995 430 400
- - End Of File - - E3D9C27D9F78D87DABFCBDE7268577DD
ComboFix 10-11-29.03 - Administrator . 11. 2010 0:08.2.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.895.722 [GMT 1:00]
Running from: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\RelevantKnowledge\chrome.manifest
c:\program files\RelevantKnowledge\install.rdf
c:\program files\RelevantKnowledge\msvcp71.dll
c:\program files\RelevantKnowledge\msvcr71.dll
c:\program files\RelevantKnowledge\rloci.bin
c:\program files\RelevantKnowledge\shfscp.dat
c:\windows\system32\AutoRun.inf
c:\windows\system32\drivers\npf.sys
c:\windows\system32\Packet.dll
c:\windows\system32\wpcap.dll
c:\windows\Tasks\fbagent.job
c:\windows\Temp\_ex-08.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_NPF
-------\Service_NPF
((((((((((((((((((((((((( Files Created from 2010-10-28 to 2010-11-29 )))))))))))))))))))))))))))))))
.
2010-11-29 23:03 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-29 23:03 . 2010-11-29 23:03 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2010-11-29 23:03 . 2010-11-29 23:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-29 23:03 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 22:32 . 2010-11-29 22:32 -------- d-----w- C:\_OTM
2010-11-29 21:32 . 2010-11-29 21:34 -------- d-----w- c:\program files\trend micro
2010-11-29 21:32 . 2010-11-29 21:33 -------- d-----w- C:\rsit
2010-11-29 21:32 . 2008-04-14 05:51 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-11-29 21:32 . 2008-04-14 04:59 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-29 19:21 . 2001-10-24 08:54 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2010-11-29 19:21 . 2001-10-24 08:54 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2010-11-29 19:21 . 2008-04-13 21:15 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2010-11-29 19:21 . 2008-04-13 21:15 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2010-11-29 18:09 . 2010-11-29 18:09 -------- d-----w- c:\documents and settings\Administrator
2010-11-28 18:49 . 2010-11-28 18:53 -------- d-----w- c:\documents and settings\All Users\Data aplikací\MFAData
2010-11-28 18:37 . 2010-11-28 18:37 900608 ----a-w- c:\documents and settings\Notebook\Local Settings\Data aplikací\459249758.exe
2010-11-28 18:37 . 2010-11-28 18:37 65536 ----a-w- c:\documents and settings\Notebook\Data aplikací\xhrd.exe
2010-11-28 18:37 . 2010-11-28 18:37 174592 ----a-w- c:\documents and settings\Notebook\Data aplikací\pbhx.exe
2010-11-28 12:50 . 2010-11-28 12:51 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-11-26 10:55 . 2010-11-26 10:55 -------- d-----w- c:\program files\Common Files\Java
2010-11-26 10:55 . 2010-09-15 03:50 472808 ----a-w- c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
2010-11-26 10:55 . 2010-09-15 03:50 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-14 14:44 . 2010-11-14 14:44 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-14 13:36 . 2010-11-14 13:36 -------- d-----w- c:\program files\7-Zip
2010-11-06 10:37 . 2010-11-06 10:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-28 12:50 . 2009-12-19 19:17 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-10-05 13:33 . 2010-02-19 20:57 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2010-10-05 13:33 . 2010-10-05 13:33 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2010-10-05 13:33 . 2010-10-05 13:33 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2010-09-15 01:29 . 2009-12-17 22:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
------- Sigcheck -------
[-] 2009-09-28 . 66E217E5E009815E06BA4F632794B731 . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2010-03-17 13:45 2355224 ----a-w- c:\program files\Softonic-Eng7\tbSoft.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files\Softonic-Eng7\tbSoft.dll" [2010-03-17 2355224]
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"SMSERIAL"="sm56hlpr.exe" [2006-01-20 544768]
"Power_Gear"="c:\program files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 86016]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 761945]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-04-27 7561216]
"nwiz"="nwiz.exe" [2006-04-27 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-04-27 86016]
"HControl"="c:\windows\ATK0100\HControl.exe" [2006-08-23 110592]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Wireless Console 2"="c:\program files\Wireless Console 2\wcourier.exe" [2005-10-17 987136]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-09-28 304128]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [19. 12. 2009 20:17 691696]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [19. 12. 2009 20:30 162640]
S1 DumpDrv;Crash Dump Driver;c:\windows\system32\drivers\dumpdrv.sys [28. 9. 2009 14:38 9472]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [19. 12. 2009 20:30 19024]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [25. 1. 2010 18:16 133104]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [15. 1. 2010 13:49 227232]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
DPF: {4FEE6316-7B6F-4A6C-BD4E-4157C59A9E9D} - hxxp://static.s2g.gate5.de/ovi_maps/OviMaps_2.3.37.3.cab
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\2k63kgsl.default\
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
BHO-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
AddRemove-{d08d9f98-1c78-4704-87e6-368b0023d831} - c:\program files\RelevantKnowledge\rlvknlg.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-30 00:12
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(676)
c:\windows\system32\msi.dll
.
Completion time: 2010-11-30 00:13:32
ComboFix-quarantined-files.txt 2010-11-29 23:13
Pre-Run: Volných bajtů: 17 045 274 624
Post-Run: Volných bajtů: 16 995 430 400
- - End Of File - - E3D9C27D9F78D87DABFCBDE7268577DD
Re: securiti tool virus
Tohle uz vypada daleko lepe, jak se chova PC
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?