
PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Hacked Password.
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hacked Password.
Good evening.
A friend recommended this site to me for solving my problem.
The problem is this: a friend's ex-boyfriend keeps somehow breaking into her PC and changing her passwords on websites such as pokec.sk, Facebook and e-mail (where she has important things from work).
So I would like to ask you experts whether you know how he keeps finding out her passwords and changing them, and what can be done about it so that it does not happen again.
Thank you in advance.
- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: Hacked Password.
If she does not use passwords of the type her_name | date_of_birth etc., please post an RSIT log.
Random's System Information Tool
- Download RSIT and save it to the Desktop.
- Run it, leave '1 month' selected in the drop-down menu and click 'Continue'.
- Wait a few seconds for a log named log.txt to be generated.
- If the log is not generated, you will find it in C:\rsit\log.txt
- Paste the contents of this log into your post.
inactive
Re: Hacked Password.
She said she uses 12-character passwords made up of numbers, words, etc.
I can't solve this problem right now, though, because I'm writing from the PC I have at home. So I'll have to run that program on her PC, right?
Re: Hacked Password.
So I'll drop by her place tomorrow or the day after and do it, but I don't know what comes next.

- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: Hacked Password.
Well, that's great, so I hope it gets solved this way, because that friend of mine also mentioned a keylogger, which she could have received e.g. in an e-mail or a photo or something else.

Re: Hacked Password.
So I sent her the RSIT program and she ran it herself, and here is the log.
Logfile of random's system information tool 1.06 (written by
random/random)
Run by Slavka at 2010-02-14 10:41:57
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (6%) free of 30 GB
Total RAM: 255 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:59, on 14.2.2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:WINDOWSSystem32smss.exe
C:WINDOWSsystem32winlogon.exe
C:WINDOWSsystem32services.exe
C:WINDOWSsystem32lsass.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSsystem32svchost.exe
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32spoolsv.exe
C:Program FilesESETESET NOD32 Antivirusekrn.exe
C:Program FilesICQ6ToolbarICQ Service.exe
C:Program FilesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
C:WINDOWSSystem32svchost.exe
C:WINDOWSsystem32Ati2evxx.exe
C:WINDOWSExplorer.EXE
C:WINDOWSSOUNDMAN.EXE
C:WINDOWSsystem32VTTimer.exe
C:Program FilesWinampwinampa.exe
C:Program FilesSony EricssonMobile2Application LauncherApplication
Launcher.exe
C:Program FilesSweetIMMessengerSweetIM.exe
C:Program FilesATI TechnologiesATI.ACEcli.exe
C:Program FilesCyberLinkPowerDVD9PDVD9Serv.exe
C:Program FilesESETESET NOD32 Antivirusegui.exe
C:Program FilesMessengermsmsgs.exe
C:WINDOWSsystem32ctfmon.exe
C:Program FilesCommon FilesTeleca SharedCapabilityManager.exe
C:Program FilesATI TechnologiesATI.ACECLI.exe
C:Program FilesVIA Technologies, IncVIA Audio Driver Setup
ProgramAudioDeckAudioDeck.exe
C:WINDOWSsystem32wuauclt.exe
C:Program FilesCommon FilesTeleca SharedGeneric.exe
C:Program FilesSony EricssonMobile2Mobile Phone
Monitorepmworker.exe
C:Program FilesICQ6.5ICQ.exe
C:Documents and SettingsSlavkaPlochaRSIT.exe
C:Program Filestrend microSlavka.exe
R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://search.conduit.com?SearchSource= ... =CT2189222
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Page_URL =
http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLMSoftwareMicrosoftInternet ExplorerMain,Search Page =
http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLMSoftwareMicrosoftInternet ExplorerMain,Start Page =
http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCUSoftwareMicrosoftInternet ExplorerToolbar,LinksFolderName =
Odkazy
R3 - URLSearchHook: QIPBHO Class -
{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:Program FilesInternet
Explorerqipsearchbar.dll
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class -
{EEE6C35D-6118-11DC-9C72-001320C79847} - C:Program
FilesSweetIMToolbarsInternet ExplorermgHelper.dll
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046}
- C:Program FilesICQ6ToolbarICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: MAX EN Atube Toolbar -
{ee78981f-3768-4f82-9241-9aa5f3712651} - C:Program
FilesP2P_MAX_EN_AtubetbP2P1.dll
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} -
C:PROGRA~1ICQTOO~1toolbaru.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -
C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:Documents
and SettingsMamkaData aplikacíMicrosoftInternet
Explorerqipsearchbar.dll (file missing)
O2 - BHO: QIPBHO - {A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE} - C:Program
FilesInternet Explorerqipsearchbar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} -
C:Program FilesAsk.comGenericAskToolbar.dll
O2 - BHO: MAX EN Atube Toolbar - {ee78981f-3768-4f82-9241-9aa5f3712651}
- C:Program FilesP2P_MAX_EN_AtubetbP2P1.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:Program
FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer -
{EEE6C35B-6118-11DC-9C72-001320C79847} - C:Program
FilesSweetIMToolbarsInternet ExplorermgToolbarIE.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} -
C:Program FilesICQ6ToolbarICQToolBar.dll
O3 - Toolbar: MAX EN Atube Toolbar -
{ee78981f-3768-4f82-9241-9aa5f3712651} - C:Program
FilesP2P_MAX_EN_AtubetbP2P1.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} -
C:Program FilesAsk.comGenericAskToolbar.dll
O4 - HKLM..Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM..Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM..Run: [VTTimer] VTTimer.exe
O4 - HKLM..Run: [VTTrayp] VTtrayp.exe
O4 - HKLM..Run: [WinampAgent] "C:Program FilesWinampwinampa.exe"
O4 - HKLM..Run: [Sony Ericsson PC Suite] "C:Program FilesSony
EricssonMobile2Application LauncherApplication Launcher.exe"
/startoptions
O4 - HKLM..Run: [SweetIM] C:Program
FilesSweetIMMessengerSweetIM.exe
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program
FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [ATICCC] "C:Program FilesATI
TechnologiesATI.ACEcli.exe" runtime
O4 - HKLM..Run: [RemoteControl9] "C:Program
FilesCyberLinkPowerDVD9PDVD9Serv.exe"
O4 - HKLM..Run: [PDVD9LanguageShortcut] "C:Program
FilesCyberLinkPowerDVD9LanguageLanguage.exe"
O4 - HKLM..Run: [egui] "C:Program FilesESETESET NOD32
Antivirusegui.exe" /hide /waitservice
O4 - HKCU..Run: [MSMSGS] "C:Program FilesMessengermsmsgs.exe"
/background
O4 - HKCU..Run: [ctfmon.exe] C:WINDOWSsystem32ctfmon.exe
O4 - HKUSS-1-5-19..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE
(User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE
(User 'NETWORK SERVICE')
O4 - HKUSS-1-5-18..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE
(User 'SYSTEM')
O4 - HKUS.DEFAULT..Run: [CTFMON.EXE] C:WINDOWSSystem32CTFMON.EXE
(User 'Default user')
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:Program FilesATI
TechnologiesATI.ACECLI.exe
O4 - Global Startup: AudioDeck.lnk = C:Program FilesVIA Technologies,
IncVIA Audio Driver Setup ProgramAudioDeckAudioDeck.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver -
res://C:WINDOWSsystem32GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel -
res://C:PROGRA~1MICROS~2OFFICE11EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií -
{92780B25-18CC-41C8-B9BE-3C9C571A8263} -
C:PROGRA~1MICROS~2OFFICE11REFIEBAR.DLL
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -
C:Program FilesICQ6.5ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 -
{E59EB121-F339-4851-A3BA-FE49C35617C2} - C:Program FilesICQ6.5ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:Program FilesMessengermsmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:Program
FilesMessengermsmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} -
C:PROGRA~1COMMON~1SkypeSKYPE4~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. -
C:WINDOWSsystem32Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner -
C:WINDOWSsystem32ati2sgag.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:Program
FilesESETESET NOD32 AntivirusEHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:Program FilesESETESET
NOD32 Antivirusekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:Program
FilesGoogleCommonGoogle UpdaterGoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:Program
FilesICQ6ToolbarICQ Service.exe
--
End of file - 7718 bytes
======Scheduled tasks folder======
C:WINDOWStasksScheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser
Helper Objects{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:PROGRA~1ICQTOO~1toolbaru.dll [2006-12-25 701952]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser
Helper Objects{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:Program FilesCommon
FilesAdobeAcrobatActiveXAcroIEHelperShim.dll [2008-06-11 75128]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser
Helper Objects{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:Documents and SettingsMamkaData
aplikacíMicrosoftInternet Explorerqipsearchbar.dll []
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser
Helper Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
QIPBHO Class - C:Program FilesInternet Explorerqipsearchbar.dll
[2009-07-09 150768]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser
Helper Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - C:Program FilesAsk.comGenericAskToolbar.dll [2009-05-06
1145736]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser
Helper Objects{ee78981f-3768-4f82-9241-9aa5f3712651}]
MAX EN Atube Toolbar - C:Program FilesP2P_MAX_EN_AtubetbP2P1.dll
[2010-02-11 2349080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionExplorerBrowser
Helper Objects{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:Program FilesSweetIMToolbarsInternet
ExplorermgToolbarIE.dll [2008-10-08 1172792]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet
Explorer - C:Program FilesSweetIMToolbarsInternet
ExplorermgToolbarIE.dll [2008-10-08 1172792]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:Program
FilesICQ6ToolbarICQToolBar.dll [2009-06-01 962808]
{ee78981f-3768-4f82-9241-9aa5f3712651} - MAX EN Atube Toolbar -
C:Program FilesP2P_MAX_EN_AtubetbP2P1.dll [2010-02-11 2349080]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - C:Program
FilesAsk.comGenericAskToolbar.dll [2009-05-06 1145736]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionRun]
"Cmaudio"=RunDll32 cmicnfg.cpl,CMICtrlWnd []
"SoundMan"=C:WINDOWSSOUNDMAN.EXE [2006-08-02 577536]
"VTTimer"=C:WINDOWSsystem32VTTimer.exe [2005-03-07 53248]
"VTTrayp"=C:WINDOWSsystem32VTtrayp.exe [2006-03-23 176128]
"WinampAgent"=C:Program FilesWinampwinampa.exe [2009-07-01 37888]
""= []
"Sony Ericsson PC Suite"=C:Program FilesSony
EricssonMobile2Application LauncherApplication Launcher.exe
[2005-10-26 159744]
"SweetIM"=C:Program FilesSweetIMMessengerSweetIM.exe [2009-03-05
111928]
"Adobe Reader Speed Launcher"=C:Program FilesAdobeReader
9.0ReaderReader_sl.exe [2008-06-12 34672]
"ATICCC"=C:Program FilesATI TechnologiesATI.ACEcli.exe [2005-08-06
61440]
"RemoteControl9"=C:Program FilesCyberLinkPowerDVD9PDVD9Serv.exe
[2009-02-16 87336]
"PDVD9LanguageShortcut"=C:Program
FilesCyberLinkPowerDVD9LanguageLanguage.exe [2008-10-13 50472]
"egui"=C:Program FilesESETESET NOD32 Antivirusegui.exe [2009-11-16
2054360]
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun]
"MSMSGS"=C:Program FilesMessengermsmsgs.exe [2004-08-17 1667584]
"ctfmon.exe"=C:WINDOWSsystem32ctfmon.exe [2004-08-17 15360]
C:Documents and SettingsAll UsersNabídka StartProgramyPo
spuštění
ATI CATALYST System Tray.lnk - C:Program FilesATI
TechnologiesATI.ACECLI.exe
AudioDeck.lnk - C:Program FilesVIA Technologies, IncVIA Audio Driver
Setup ProgramAudioDeckAudioDeck.exe
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
NTCurrentVersionWinlogonNotifyAtiExtEvent]
C:WINDOWSsystem32Ati2evxx.dll [2005-08-04 46080]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindows
NTCurrentVersionWinlogonNotifyWgaLogon]
C:WINDOWSsystem32WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:totalcmdTOTALCMD.EXE"="C:totalcmdTOTALCMD.EXE:*:Enabled:Total
Commander 32 bit international version, file manager replacement for
Windows"
"C:Program FilesInternet Exploreriexplore.exe"="C:Program
FilesInternet Exploreriexplore.exe:*:Enabled:Internet Explorer"
"C:Program FilesICQ6ICQ.exe"="C:Program
FilesICQ6ICQ.exe:*:Enabled:ICQ Library"
"C:Program FilesCyberLinkPowerDVD9PowerDVD
CinemaPowerDVDCinema.exe"="C:Program
FilesCyberLinkPowerDVD9PowerDVD
CinemaPowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:Program FilesCyberLinkPowerDVD9PowerDVD9.exe"="C:Program
FilesCyberLinkPowerDVD9PowerDVD9.exe:*:Enabled:CyberLink PowerDVD
9.0"
"C:Program FilesICQ6.5ICQ.exe"="C:Program
FilesICQ6.5ICQ.exe:*:Enabled:ICQ6"
"C:Program FilesQIPqip.exe"="C:Program
FilesQIPqip.exe:*:Enabled:Quiet Internet Pager"
"C:Program FilesSkypePhoneSkype.exe"="C:Program
FilesSkypePhoneSkype.exe:*:Enabled:Skype"
"C:Program FilesAntikVirtualSTBAntikVirtualSTB.exe"="C:Program
FilesAntikVirtualSTBAntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesCyberLinkPowerDVD9PowerDVD9.exe"="C:Program
FilesCyberLinkPowerDVD9PowerDVD9.exe:*:Enabled:CyberLink PowerDVD
9.0"
======List of files/folders created in the last 1 months======
2010-02-14 10:27:49 ----D---- C:Program Filestrend micro
2010-02-14 10:27:44 ----D---- C:rsit
2010-02-10 10:38:05 ----HDC---- C:WINDOWS$NtUninstallKB978262$
2010-02-10 10:37:50 ----HDC---- C:WINDOWS$NtUninstallKB971468$
2010-02-10 10:35:41 ----HDC---- C:WINDOWS$NtUninstallKB978037$
2010-02-10 10:35:32 ----HDC---- C:WINDOWS$NtUninstallKB975713$
2010-02-10 10:35:18 ----HDC---- C:WINDOWS$NtUninstallKB978251$
2010-02-10 10:35:09 ----HDC---- C:WINDOWS$NtUninstallKB975560$
2010-02-10 10:34:55 ----HDC---- C:WINDOWS$NtUninstallKB977914$
2010-02-10 10:34:37 ----HDC---- C:WINDOWS$NtUninstallKB978706$
2010-02-10 10:34:11 ----HDC---- C:WINDOWS$NtUninstallKB977165$
2010-02-04 20:41:19 ----D---- C:Program FilesAntikVirtualSTB
======List of files/folders modified in the last 1 months======
2010-02-14 10:41:28 ----D---- C:WINDOWSPrefetch
2010-02-14 10:36:49 ----D---- C:WINDOWSTemp
2010-02-14 10:27:49 ----RD---- C:Program Files
2010-02-14 09:36:24 ----D---- C:WINDOWS
2010-02-14 01:16:37 ----A---- C:WINDOWSSchedLgU.Txt
2010-02-12 19:37:46 ----SD---- C:WINDOWSDownloaded Program Files
2010-02-12 19:29:18 ----D---- C:WINDOWSsystem32CatRoot2
2010-02-11 20:06:55 ----D---- C:Program FilesP2P_MAX_EN_Atube
2010-02-10 11:00:26 ----D---- C:WINDOWSsystem32
2010-02-10 10:38:09 ----HD---- C:WINDOWSinf
2010-02-10 10:38:04 ----HD---- C:WINDOWS$hf_mig$
2010-02-10 10:38:01 ----A---- C:WINDOWSimsins.BAK
2010-02-10 10:37:54 ----RSHDC---- C:WINDOWSsystem32dllcache
2010-02-10 10:37:54 ----D---- C:WINDOWSsystem32drivers
2010-02-04 20:49:15 ----RSD---- C:WINDOWSassembly
2010-02-04 20:48:45 ----D---- C:WINDOWSMicrosoft.NET
2010-02-04 20:48:28 ----SHD---- C:Config.Msi
2010-02-04 20:48:26 ----A---- C:WINDOWSsystem32PerfStringBackup.INI
2010-02-04 20:48:06 ----SHD---- C:WINDOWSInstaller
2010-02-04 20:47:30 ----D---- C:WINDOWSWinSxS
2010-02-04 20:46:06 ----D---- C:Program FilesInternet Explorer
2010-02-01 20:26:20 ----A---- C:WINDOWSsystem32MRT.exe
2010-01-29 22:56:11 ----D---- C:Documents and SettingsSlavkaData
aplikacíICQ
2010-01-29 08:13:12 ----D---- C:Program FilesESET
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,
3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSSystem32DRIVERSAmdK8.sys
[2005-03-09 36352]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-11-16
108792]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys
[2009-11-16 96408]
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-11-16
116520]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys
[2005-08-04 1273344]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;
C:WINDOWSSystem32DRIVERSfetnd5.sys [2001-08-17 27165]
R3 usbhub;Rozbočovač umožnující USB2;
C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče
USB od společnosti Microsoft; C:WINDOWSSystem32DRIVERSusbuhci.sys
[2004-08-03 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM);
C:WINDOWSsystem32driversviaudios.sys [2003-06-16 369920]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM);
C:WINDOWSsystem32driversALCXWDM.SYS [2006-08-18 4017536]
S3 cmuda;C-Media WDM Audio Interface;
C:WINDOWSsystem32driverscmuda.sys [2004-04-23 818496]
S3 GMSIPCI;GMSIPCI; ??E:INSTALLGMSIPCI.SYS []
S3 NTACCESS;NTACCESS; ??E:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??E:NTGLM7X.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;
C:WINDOWSSystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:WINDOWSsystem32DRIVERSusbscan.sys
[2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;
C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 viagfx;viagfx; C:WINDOWSSystem32DRIVERSvtmini.sys [2006-04-13
252416]
S3 Vsp;Vsp; ??C:WINDOWSSystem32driversVsp.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);
C:WINDOWSSystem32DRIVERSw200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;
C:WINDOWSSystem32DRIVERSw200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;
C:WINDOWSSystem32DRIVERSw200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);
C:WINDOWSSystem32DRIVERSw200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;
C:WINDOWSSystem32DRIVERSw200obex.sys [2006-11-07 86368]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28
18944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows
Socket 2.0 bez podpory IFS; C:WINDOWSSystem32driversws2ifsl.sys
[2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,
3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe
[2005-08-04 380928]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32
Antivirusekrn.exe [2009-11-16 735960]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe
[2009-06-01 222968]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft
SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework;
C:WINDOWSSystem32wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2005-08-05
516096]
S3 aspnet_state;ASP.NET State Service;
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe
[2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service
v2.0.50727_X86;
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24
70144]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32
AntivirusEHttpSrv.exe [2009-11-16 20680]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle
UpdaterGoogleUpdaterService.exe [2008-11-20 136120]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft
SharedSource EngineOSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
C:WINDOWSsystem32WgaLogon.dll [2009-03-10 265096]
[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootnetworkUploadMgr]
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesSystem]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINESoftwareMicrosoftWindowsCurrentVersionPoliciesexplorer]
"HonorAutoRunSetting"=
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicystandardprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:totalcmdTOTALCMD.EXE"="C:totalcmdTOTALCMD.EXE:*:Enabled:Total
Commander 32 bit international version, file manager replacement for
Windows"
"C:Program FilesInternet Exploreriexplore.exe"="C:Program
FilesInternet Exploreriexplore.exe:*:Enabled:Internet Explorer"
"C:Program FilesICQ6ICQ.exe"="C:Program
FilesICQ6ICQ.exe:*:Enabled:ICQ Library"
"C:Program FilesCyberLinkPowerDVD9PowerDVD
CinemaPowerDVDCinema.exe"="C:Program
FilesCyberLinkPowerDVD9PowerDVD
CinemaPowerDVDCinema.exe:*:Enabled:CyberLink PowerDVD 9.0"
"C:Program FilesCyberLinkPowerDVD9PowerDVD9.exe"="C:Program
FilesCyberLinkPowerDVD9PowerDVD9.exe:*:Enabled:CyberLink PowerDVD
9.0"
"C:Program FilesICQ6.5ICQ.exe"="C:Program
FilesICQ6.5ICQ.exe:*:Enabled:ICQ6"
"C:Program FilesQIPqip.exe"="C:Program
FilesQIPqip.exe:*:Enabled:Quiet Internet Pager"
"C:Program FilesSkypePhoneSkype.exe"="C:Program
FilesSkypePhoneSkype.exe:*:Enabled:Skype"
"C:Program FilesAntikVirtualSTBAntikVirtualSTB.exe"="C:Program
FilesAntikVirtualSTBAntikVirtualSTB.exe:*:Enabled:AntikVirtualSTB"
[HKEY_LOCAL_MACHINEsystemcurrentcontrolsetservicessharedaccessparametersfirewallpolicydomainprofileauthorizedapplicationslist]
"%windir%system32sessmgr.exe"="%windir%system32sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:Program FilesCyberLinkPowerDVD9PowerDVD9.exe"="C:Program
FilesCyberLinkPowerDVD9PowerDVD9.exe:*:Enabled:CyberLink PowerDVD
9.0"
======List of files/folders created in the last 1 months======
2010-02-14 10:27:49 ----D---- C:Program Filestrend micro
2010-02-14 10:27:44 ----D---- C:rsit
2010-02-10 10:38:05 ----HDC---- C:WINDOWS$NtUninstallKB978262$
2010-02-10 10:37:50 ----HDC---- C:WINDOWS$NtUninstallKB971468$
2010-02-10 10:35:41 ----HDC---- C:WINDOWS$NtUninstallKB978037$
2010-02-10 10:35:32 ----HDC---- C:WINDOWS$NtUninstallKB975713$
2010-02-10 10:35:18 ----HDC---- C:WINDOWS$NtUninstallKB978251$
2010-02-10 10:35:09 ----HDC---- C:WINDOWS$NtUninstallKB975560$
2010-02-10 10:34:55 ----HDC---- C:WINDOWS$NtUninstallKB977914$
2010-02-10 10:34:37 ----HDC---- C:WINDOWS$NtUninstallKB978706$
2010-02-10 10:34:11 ----HDC---- C:WINDOWS$NtUninstallKB977165$
2010-02-04 20:41:19 ----D---- C:Program FilesAntikVirtualSTB
======List of files/folders modified in the last 1 months======
2010-02-14 10:41:28 ----D---- C:WINDOWSPrefetch
2010-02-14 10:36:49 ----D---- C:WINDOWSTemp
2010-02-14 10:27:49 ----RD---- C:Program Files
2010-02-14 09:36:24 ----D---- C:WINDOWS
2010-02-14 01:16:37 ----A---- C:WINDOWSSchedLgU.Txt
2010-02-12 19:37:46 ----SD---- C:WINDOWSDownloaded Program Files
2010-02-12 19:29:18 ----D---- C:WINDOWSsystem32CatRoot2
2010-02-11 20:06:55 ----D---- C:Program FilesP2P_MAX_EN_Atube
2010-02-10 11:00:26 ----D---- C:WINDOWSsystem32
2010-02-10 10:38:09 ----HD---- C:WINDOWSinf
2010-02-10 10:38:04 ----HD---- C:WINDOWS$hf_mig$
2010-02-10 10:38:01 ----A---- C:WINDOWSimsins.BAK
2010-02-10 10:37:54 ----RSHDC---- C:WINDOWSsystem32dllcache
2010-02-10 10:37:54 ----D---- C:WINDOWSsystem32drivers
2010-02-04 20:49:15 ----RSD---- C:WINDOWSassembly
2010-02-04 20:48:45 ----D---- C:WINDOWSMicrosoft.NET
2010-02-04 20:48:28 ----SHD---- C:Config.Msi
2010-02-04 20:48:26 ----A---- C:WINDOWSsystem32PerfStringBackup.INI
2010-02-04 20:48:06 ----SHD---- C:WINDOWSInstaller
2010-02-04 20:47:30 ----D---- C:WINDOWSWinSxS
2010-02-04 20:46:06 ----D---- C:Program FilesInternet Explorer
2010-02-01 20:26:20 ----A---- C:WINDOWSsystem32MRT.exe
2010-01-29 22:56:11 ----D---- C:Documents and SettingsSlavkaData
aplikacíICQ
2010-01-29 08:13:12 ----D---- C:Program FilesESET
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,
3=Demand, 4=Disabled)======
R1 AmdK8;AMD Processor Driver; C:WINDOWSSystem32DRIVERSAmdK8.sys
[2005-03-09 36352]
R1 ehdrv;ehdrv; C:WINDOWSsystem32DRIVERSehdrv.sys [2009-11-16
108792]
R1 epfwtdir;epfwtdir; C:WINDOWSsystem32DRIVERSepfwtdir.sys
[2009-11-16 96408]
R2 eamon;eamon; C:WINDOWSsystem32DRIVERSeamon.sys [2009-11-16
116520]
R3 ati2mtag;ati2mtag; C:WINDOWSsystem32DRIVERSati2mtag.sys
[2005-08-04 1273344]
R3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver;
C:WINDOWSSystem32DRIVERSfetnd5.sys [2001-08-17 27165]
R3 usbhub;Rozbočovač umožnující USB2;
C:WINDOWSSystem32DRIVERSusbhub.sys [2004-08-03 57600]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče
USB od společnosti Microsoft; C:WINDOWSSystem32DRIVERSusbuhci.sys
[2004-08-03 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM);
C:WINDOWSsystem32driversviaudios.sys [2003-06-16 369920]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM);
C:WINDOWSsystem32driversALCXWDM.SYS [2006-08-18 4017536]
S3 cmuda;C-Media WDM Audio Interface;
C:WINDOWSsystem32driverscmuda.sys [2004-04-23 818496]
S3 GMSIPCI;GMSIPCI; ??E:INSTALLGMSIPCI.SYS []
S3 NTACCESS;NTACCESS; ??E:NTACCESS.sys []
S3 SetupNTGLM7X;SetupNTGLM7X; ??E:NTGLM7X.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB;
C:WINDOWSSystem32DRIVERSusbccgp.sys [2004-08-03 31616]
S3 usbscan;Ovladač skeneru USB; C:WINDOWSsystem32DRIVERSusbscan.sys
[2004-08-03 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB;
C:WINDOWSSystem32DRIVERSUSBSTOR.SYS [2004-08-03 26496]
S3 viagfx;viagfx; C:WINDOWSSystem32DRIVERSvtmini.sys [2006-04-13
252416]
S3 Vsp;Vsp; ??C:WINDOWSSystem32driversVsp.sys []
S3 w200bus;Sony Ericsson W200 driver (WDM);
C:WINDOWSSystem32DRIVERSw200bus.sys [2006-11-07 61504]
S3 w200mdfl;Sony Ericsson W200 USB WMC Modem Filter;
C:WINDOWSSystem32DRIVERSw200mdfl.sys [2006-11-07 9328]
S3 w200mdm;Sony Ericsson W200 USB WMC Modem Driver;
C:WINDOWSSystem32DRIVERSw200mdm.sys [2006-11-07 97056]
S3 w200mgmt;Sony Ericsson W200 USB WMC Device Management Drivers (WDM);
C:WINDOWSSystem32DRIVERSw200mgmt.sys [2006-11-07 88560]
S3 w200obex;Sony Ericsson W200 USB WMC OBEX Interface;
C:WINDOWSSystem32DRIVERSw200obex.sys [2006-11-07 86368]
S3 WpdUsb;WpdUsb; C:WINDOWSSystem32Driverswpdusb.sys [2005-01-28
18944]
S4 IntelIde;IntelIde; C:WINDOWSsystem32driversIntelIde.sys []
S4 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows
Socket 2.0 bez podpory IFS; C:WINDOWSSystem32driversws2ifsl.sys
[2001-10-25 12032]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto,
3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:WINDOWSsystem32Ati2evxx.exe
[2005-08-04 380928]
R2 ekrn;ESET Service; C:Program FilesESETESET NOD32
Antivirusekrn.exe [2009-11-16 735960]
R2 ICQ Service;ICQ Service; C:Program FilesICQ6ToolbarICQ Service.exe
[2009-06-01 222968]
R2 MDM;Machine Debug Manager; C:Program FilesCommon FilesMicrosoft
SharedVS7DEBUGMDM.EXE [2003-06-19 322120]
R2 UMWdf;Windows User Mode Driver Framework;
C:WINDOWSSystem32wdfmgr.exe [2005-01-28 38912]
S2 ATI Smart;ATI Smart; C:WINDOWSsystem32ati2sgag.exe [2005-08-05
516096]
S3 aspnet_state;ASP.NET State Service;
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727aspnet_state.exe
[2007-10-24 33800]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service
v2.0.50727_X86;
C:WINDOWSMicrosoft.NETFrameworkv2.0.50727mscorsvw.exe [2007-10-24
70144]
S3 EhttpSrv;ESET HTTP Server; C:Program FilesESETESET NOD32
AntivirusEHttpSrv.exe [2009-11-16 20680]
S3 gusvc;Google Updater Service; C:Program FilesGoogleCommonGoogle
UpdaterGoogleUpdaterService.exe [2008-11-20 136120]
S3 ose;Office Source Engine; C:Program FilesCommon FilesMicrosoft
SharedSource EngineOSE.EXE [2003-07-28 89136]
-----------------EOF-----------------
- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: Hacked Password.
After a very quick skim I didn't see anything. By the way, why is the backslash (\) not visible in the log? And overall the text is rather scrambled...
1) ComboFix
- Download ComboFix and save it to the Desktop.
- Before running it, turn off the resident shield of your antivirus or antispyware.
- Run it with administrator privileges.
- After launch, the license terms will be displayed; click 'Yes'.
- You will also be asked about installing the Recovery Console; click 'Yes' there as well.
- The whole scan will take about 5-10 minutes, depending on how many files CF has to work through.
- Your PC will probably be restarted, so don't be alarmed.
- Until the scan has completely finished, don't do anything; above all, don't click in the running ComboFix window.
- After the scan finishes (or after the subsequent restart), a log will 'pop up'; paste it here as text.
- If no log 'pops up', you will find it at C:\ComboFix.txt
inactive
Re: Hacked Password.
I didn't work with it myself; I just sent her the procedure you wrote. It did what was in the procedure, but apparently it also deleted some things for her, so is that OK?
Here is the result:
ComboFix 10-02-12.01 - Slavka 14.02.2010 11:18:32.1.1 - x86
Systém Microsoft Windows XP Professional
5.1.2600.2.1250.420.1029.18.255.48 [GMT 1:00]
Spuštěný z: c:documents and settingsSlavkaPlochaComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Updated)
{E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Rezidentní štít AV je zapnutý
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy
)))))))))))))))))))))))))))))))))))))))))))))))))
.
c:program filesICQ6.5ICQLRun.exe
c:windowsEventSystem.log
c:windowssystem32vbzlib1.dll
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-01-14 do
2010-02-14 )))))))))))))))))))))))))))))))
.
2010-02-14 09:27 . 2010-02-14 09:41 -------- d-----w- c:program
filestrend micro
2010-02-14 09:27 . 2010-02-14 09:39 -------- d-----w- C:rsit
2010-02-04 19:41 . 2010-02-12 09:45 -------- d-----w- c:program
filesAntikVirtualSTB
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis
))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 10:24 . 2009-07-14 20:33 -------- d-----w- c:program
filesICQ6.5
2010-02-11 19:06 . 2009-10-30 07:49 -------- d-----w- c:program
filesP2P_MAX_EN_Atube
2010-02-04 19:48 . 2001-10-25
12:00 75720 ----a-w- c:windowssystem32perfc005.dat
2010-02-04 19:48 . 2001-10-25
12:00 406500 ----a-w- c:windowssystem32perfh005.dat
2010-01-29 07:13 . 2009-03-30 13:44 -------- d-----w- c:program
filesESET
2009-12-31 16:14 . 2001-10-25
12:00 352640 ----a-w- c:windowssystem32driverssrv.sys
2009-12-21 19:08 . 2001-10-25
12:00 916480 ----a-w- c:windowssystem32wininet.dll
2009-12-17 08:00 . 2009-03-25
13:57 343552 ----a-w- c:windowssystem32mspaint.exe
2009-12-14 07:37 . 2001-10-25
12:00 33280 ----a-w- c:windowssystem32csrsrv.dll
2009-12-09 10:28 . 2001-10-24
11:46 2059904 ----a-w- c:windowssystem32ntkrnlpa.exe
2009-12-09 10:28 . 2001-10-25
12:00 2182528 ----a-w- c:windowssystem32ntoskrnl.exe
2009-12-04 14:41 . 2001-10-25
12:00 453760 ----a-w- c:windowssystem32driversmrxsmb.sys
2009-11-27 17:35 . 2009-03-25
18:05 17920 ----a-w- c:windowssystem32msyuv.dll
2009-11-27 17:35 . 2009-03-25
18:05 1293824 ----a-w- c:windowssystem32quartz.dll
2009-11-27 16:40 . 2001-10-25
12:00 84992 ----a-w- c:windowssystem32avifil32.dll
2009-11-27 16:40 . 2001-10-25
12:00 28672 ----a-w- c:windowssystem32msvidc32.dll
2009-11-27 16:40 . 2001-10-25
12:00 11264 ----a-w- c:windowssystem32msrle32.dll
2009-11-27 16:40 . 2001-10-24
12:25 8704 ----a-w- c:windowssystem32tsbyuv.dll
2009-11-27 16:40 . 2001-10-24
12:24 48128 ----a-w- c:windowssystem32iyuv_32.dll
2009-11-21 16:46 . 2001-10-25
12:00 470528 ----a-w- c:windowsAppPatchaclayers.dll
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru
)))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou
zobrazeny.
REGEDIT4
[HKEY_CURRENT_USERSoftwareMicrosoftInternet ExplorerURLSearchHooks]
"{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}"= "c:program filesInternet
Explorerqipsearchbar.dll" [2009-07-09 150768]
"{EEE6C35D-6118-11DC-9C72-001320C79847}"= "c:program
filesSweetIMToolbarsInternet ExplorermgHelper.dll" [2008-10-08
173368]
"{ee78981f-3768-4f82-9241-9aa5f3712651}"= "c:program
filesP2P_MAX_EN_AtubetbP2P1.dll" [2010-02-11 2349080]
[HKEY_CLASSES_ROOTclsid{a55f9c95-2bb1-4ea2-bc77-dfaab78832ce}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO.1]
[HKEY_CLASSES_ROOTTypeLib{45FF696B-5284-4781-B2CA-ECF3A742A17B}]
[HKEY_CLASSES_ROOTqipbar.QIPBHO]
[HKEY_CLASSES_ROOTclsid{eee6c35d-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOTSweetIM_URLSearchHook.ToolbarURLSearchHook.1]
[HKEY_CLASSES_ROOTTypeLib{EEE6C35F-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOTSweetIM_URLSearchHook.ToolbarURLSearchHook]
[HKEY_CLASSES_ROOTclsid{ee78981f-3768-4f82-9241-9aa5f3712651}]
[HKEY_LOCAL_MACHINE~Browser Helper
Objects{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}]
2009-07-09 10:08 150768 ----a-w- c:program filesInternet
Explorerqipsearchbar.dll
[HKEY_LOCAL_MACHINE~Browser Helper
Objects{D4027C7F-154A-4066-A1AD-4243D8127440}]
2009-05-06 17:11 1145736 ----a-w- c:program
filesAsk.comGenericAskToolbar.dll
[HKEY_LOCAL_MACHINE~Browser Helper
Objects{ee78981f-3768-4f82-9241-9aa5f3712651}]
2010-02-11 19:06 2349080 ----a-w- c:program
filesP2P_MAX_EN_AtubetbP2P1.dll
[HKEY_LOCAL_MACHINE~Browser Helper
Objects{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-10-08 10:22 1172792 ----a-w- c:program
filesSweetIMToolbarsInternet ExplorermgToolbarIE.dll
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftInternet ExplorerToolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:program
filesSweetIMToolbarsInternet ExplorermgToolbarIE.dll" [2008-10-08
1172792]
"{ee78981f-3768-4f82-9241-9aa5f3712651}"= "c:program
filesP2P_MAX_EN_AtubetbP2P1.dll" [2010-02-11 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:program
filesAsk.comGenericAskToolbar.dll" [2009-05-06 1145736]
[HKEY_CLASSES_ROOTclsid{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOTSWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOTTypeLib{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOTSWEETIE.SWEETIE]
[HKEY_CLASSES_ROOTclsid{ee78981f-3768-4f82-9241-9aa5f3712651}]
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USERSoftwareMicrosoftInternet
ExplorerToolbarWebbrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "c:program
filesSweetIMToolbarsInternet ExplorermgToolbarIE.dll" [2008-10-08
1172792]
"{EE78981F-3768-4F82-9241-9AA5F3712651}"= "c:program
filesP2P_MAX_EN_AtubetbP2P1.dll" [2010-02-11 2349080]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:program
filesAsk.comGenericAskToolbar.dll" [2009-05-06 1145736]
[HKEY_CLASSES_ROOTclsid{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOTSWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOTTypeLib{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOTSWEETIE.SWEETIE]
[HKEY_CLASSES_ROOTclsid{ee78981f-3768-4f82-9241-9aa5f3712651}]
[HKEY_CLASSES_ROOTclsid{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOTTypeLib{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOTGenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"MSMSGS"="c:program filesMessengermsmsgs.exe" [2004-08-17 1667584]
[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"SoundMan"="SOUNDMAN.EXE" [2006-08-02 577536]
"VTTimer"="VTTimer.exe" [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" [2006-03-23 176128]
"WinampAgent"="c:program filesWinampwinampa.exe" [2009-07-01 37888]
"Sony Ericsson PC Suite"="c:program filesSony
EricssonMobile2Application LauncherApplication Launcher.exe"
[2005-10-26 159744]
"SweetIM"="c:program filesSweetIMMessengerSweetIM.exe" [2009-03-05
111928]
"Adobe Reader Speed Launcher"="c:program filesAdobeReader
9.0ReaderReader_sl.exe" [2008-06-12 34672]
"ATICCC"="c:program filesATI TechnologiesATI.ACEcli.exe" [2005-08-05
61440]
"RemoteControl9"="c:program filesCyberLinkPowerDVD9PDVD9Serv.exe"
[2009-02-16 87336]
"PDVD9LanguageShortcut"="c:program
filesCyberLinkPowerDVD9LanguageLanguage.exe" [2008-10-13 50472]
"egui"="c:program filesESETESET NOD32 Antivirusegui.exe" [2009-11-16
2054360]
[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"CTFMON.EXE"="c:windowsSystem32CTFMON.EXE" [2004-08-17 15360]
c:documents and settingsAll UsersNabˇdka StartProgramyPo
spuçtŘnˇ
ATI CATALYST System Tray.lnk - c:program filesATI
TechnologiesATI.ACECLI.exe [2005-8-6 61440]
AudioDeck.lnk - c:program filesVIA Technologies, IncVIA Audio Driver
Setup ProgramAudioDeckAudioDeck.exe [2009-3-25 581632]
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"c:\totalcmd\TOTALCMD.EXE"=
"c:\Program Files\ICQ6\ICQ.exe"=
"c:\Program Files\CyberLink\PowerDVD9\PowerDVD
Cinema\PowerDVDCinema.exe"=
"c:\Program Files\CyberLink\PowerDVD9\PowerDVD9.exe"=
"c:\Program Files\ICQ6.5\ICQ.exe"=
"c:\Program Files\QIP\qip.exe"=
"c:\Program Files\Skype\Phone\Skype.exe"=
"c:\Program Files\AntikVirtualSTB\AntikVirtualSTB.exe"=
R0 xfilt;VIA SATA IDE Hot-plug
Driver;c:windowssystem32driversxfilt.sys [25.3.2009 15:08 11264]
R1 ehdrv;ehdrv;c:windowssystem32driversehdrv.sys [16.11.2009 9:03
108792]
R1 epfwtdir;epfwtdir;c:windowssystem32driversepfwtdir.sys
[16.11.2009 9:06 96408]
R2 ekrn;ESET Service;c:program filesESETESET NOD32 Antivirusekrn.exe
[16.11.2009 9:04 735960]
R2 ICQ Service;ICQ Service;c:program filesICQ6ToolbarICQ Service.exe
[11.6.2009 13:34 222968]
S0 sptd;sptd;c:windowssystem32driverssptd.sys [30.3.2009 15:11
717296]
S3 SetupNTGLM7X;SetupNTGLM7X;??e:ntglm7x.sys --> e:NTGLM7X.sys [?]
S3 Vsp;Vsp;c:windowssystem32driversvsp.sys [25.3.2009 15:18 3351]
.
Obsah adresáře 'Naplánované úlohy'
2010-02-14 c:windowsTasksScheduled Update for Ask Toolbar.job
- c:program filesAsk.comUpdateTask.exe [2009-05-06 17:11]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2189222
IE: Add to Google Photos Screensa&ver -
c:windowssystem32GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel -
c:progra~1MICROS~2OFFICE11EXCEL.EXE/3000
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
BHO-{95289393-33EA-4F8D-B952-483415B9C955} - c:documents and
settingsMamkaData aplikacíMicrosoftInternet
Explorerqipsearchbar.dll
HKLM-Run-Cmaudio - cmicnfg.cpl
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by
Gmer, http://www.gmer.net
Rootkit scan 2010-02-14 11:25
Windows 5.1.2600 Service Pack 2 NTFS
skenování skrytých procesů ...
skenování skrytých položek 'Po spuštění' ...
skenování skrytých souborů ...
sken byl úspešně dokončen
skryté soubory: 0
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy
---------------------
- - - - - - - > 'winlogon.exe'(652)
c:windowssystem32Ati2evxx.dll
.
Celkový čas: 2010-02-14 11:28:26
ComboFix-quarantined-files.txt 2010-02-14 10:28
Před spuštěním: 1 864 339 456
Po spuštění: 7 874 387 968
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)WINDOWS
[operating systems]
c:cmdconsBOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)WINDOWS="Microsoft Windows XP
Professional" /fastdetect /NoExecute=OptIn
- - End Of File - - 66F725352FF80FA1ADF97ABF54846F66
- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: Hacked Password.
It's really hard to find your way around in this when the backslashes are missing; I'll try to save myself some work.
1) Malwarebytes' Anti-Malware
- Download MbAM and follow the description.
- Don't delete anything yet; MbAM sometimes has false detections.
- Then paste the log here as text.
inactive
Re: Hacked Password.
So now I'll go over and do it on her PC, because apparently she doesn't want to try it herself. I also tried the program on my own PC, but I didn't switch to the administrator account and it had a problem with NOD32 etc., and now after restarting, my PC keeps beeping somehow strangely. How do I get rid of it?
- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: Hacked Password.
It beeps after every restart.

- Unlimited_Killer
- Friend of the forum
- Posts: 1969
- Registered: 24 Aug 2009 16:18
Re: Hacked Password.
After Windows loads, it beeps very loudly and unpleasantly, which it didn't do until now.